I think these may have been adopted from the old Red Hat targeted policy (that model only had unconfined users).
Some aspects to note:
1. The ssh_sysadm_login boolean now applies to unconfined_t as well
2. remotelogin only allows unpriv logins
The rshd module also calls unconfined_shell_domtrans() but I ignored that one because that policy currently does not have support for manual transitions with pam_selinux.
Signed-off-by: Dominick Grift <dac.override@gmail.com>

Debian's PAM configuration uses a patched pam_motd module that runs
files in /etc/update-motd.d/ in order to generate a dynamic Message Of
The Day (MOTD). By default, there is only one script:

    $ cat /etc/update-motd.d/10-uname
    #!/bin/sh
    uname -snrvm

According to https://wiki.debian.org/motd, the script is executed
through run-parts:

    if (!system("/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new"))
        rename("/run/motd.dynamic.new", "/run/motd.dynamic");

This requires allowing pam_motd users to execute bin_t commands
(/usr/bin/env) and shells (/bin/sh), and to manage /run/motd.dynamic*
files.
Allow relevant accesses for Debian-based systems.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

It already has dac_override, and depending on the pam modules being
used, this may actually be necessary. Due to the 4.13 changes, I'm now
getting dac_read_search denials.

Improve the locallogin module by curbing on dac_override permissions
in the sulogin domain (read/search permissions only).
Thanks to Dominick Grift for suggesting this.
Other modules are likely affected by the same issue.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
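
Added example, not part of these commits or of the policy's own code: a short Python script that groups AVC capability denials by source domain and proposes dac_read_search alone where that is the only DAC capability denied, which is the narrowing the sulogin change above applies. The audit records and the function names dac_denials and suggest_rules are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not taken from the commits above).
SAMPLE_LOG = """\
type=AVC msg=audit(1500000000.101:201): avc:  denied  { dac_read_search } for  pid=612 comm="sulogin" capability=2  scontext=system_u:system_r:sulogin_t:s0 tcontext=system_u:system_r:sulogin_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1500000000.350:202): avc:  denied  { dac_read_search } for  pid=733 comm="login" capability=2  scontext=system_u:system_r:local_login_t:s0 tcontext=system_u:system_r:local_login_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1500000000.351:203): avc:  denied  { dac_override } for  pid=733 comm="login" capability=1  scontext=system_u:system_r:local_login_t:s0 tcontext=system_u:system_r:local_login_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1500000000.900:204): avc:  denied  { read } for  pid=801 comm="sshd" name="motd" dev="tmpfs" ino=42 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+).*?tclass=(?P<tclass>\S+)"
)
DAC_PERMS = {"dac_override", "dac_read_search"}

def dac_denials(log_text):
    """Map source domain type -> set of denied DAC capability permissions."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("tclass") != "capability":
            continue  # not an AVC denial, or not a capability check
        perms = DAC_PERMS & set(m.group("perms").split())
        if perms:
            # scontext is user:role:type[:mls-range]; the type is the third field
            denied[m.group("scontext").split(":")[2]].update(perms)
    return dict(denied)

def suggest_rules(denied):
    """Propose the narrowest capability rule that covers each domain's denials."""
    rules = []
    for domain in sorted(denied):
        if denied[domain] == {"dac_read_search"}:
            perms = "dac_read_search"  # read/search bypass only, no write bypass
        else:
            perms = "{ " + " ".join(sorted(denied[domain])) + " }"
        rules.append(f"allow {domain} self:capability {perms};")
    return rules

if __name__ == "__main__":
    print("\n".join(suggest_rules(dac_denials(SAMPLE_LOG))))
```
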
This patch is slightly more involved than just running sed. It also adds
typealias rules and doesn't change the FC entries.
The /dev/apm_bios device doesn't exist on modern systems. I have left that
policy in for the moment on the principle of making one change per patch. But
I might send another patch to remove that as it won't exist with modern
kernels.
I have used optional sections for dbus and xserver as requested and also
fixed a minor issue of a rule not being in the correct section.
Please merge this.

This patch fixes the policy for sulogin. It is very important
because without this patch, sulogin cannot work properly and
it should be considered that it is used as an emergency shell
when there are serious consistency errors in the system, so it
constitutes the only way to recover the system in such
circumstances.
Nowadays, sulogin never uses PAM (at least not the official one
from util-linux), so obsolete, confusing and buggy policy has
been removed.
Extensive testing carried out while creating this patch indicates
that there aren't other permissions needed to successfully run
sulogin.
This second version should apply cleanly to the latest git tree.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>

Use nscd_use instead of nscd_socket_use. This conditionally allows
nscd_shm_use.

Remove the nscd_socket_use from ssh_keygen since it was redundant,
already allowed by auth_use_nsswitch.

Had to make some ssh_keysign_t rules unconditional, else
nscd_use(ssh_keysign_t) would not build (nested booleans), but that does
not matter: the only actual domain transition to ssh_keysign_t is
conditional, so the other unconditional ssh_keygen_t rules are
conditional in practice.
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>