Tetsuo Handa
from-****@I-lov*****
Mon Aug 29 07:17:59 JST 2011
Jamie Nguyen wrote:
> But since the new directives aren't making any new things possible or making
> any new problems solvable, I'm reluctant to see them added.

Well, at least, advantage 1 is made possible by this optional argument.
Until now, there was no way to transit to different domains depending on
command line arguments/environment variables/process's credentials passed to
the execve() request (unless we use "task manual_domain_transition" from a
program executed by "task auto_execute_handler").

An alternative approach to make advantage 1 possible is to expand the domain
transition control directives in exception policy, like

  transit_domain <kernel> /usr/sbin/sshd //batch-session upon /bin/sh from any if exec.argc=2 exec.argv[1]="-c"

. (If we take the alternative approach, we might be able to change from

  reset_namespace /usr/sbin/sshd from any

to

  transit_domain <sshd> upon /usr/sbin/sshd from any if task.uid=0

.)

Also, advantage 3 solves the ordering problem caused by use of the
"aggregator" directive.

Advantage 4 simplifies exception policy by removing lines (e.g.

  no_initialize_domain /usr/sbin/sendmail from </usr/sbin/httpd> /var/www/cgi-bin/mailform.cgi

that applies only to the </usr/sbin/httpd> /var/www/cgi-bin/mailform.cgi
domain).

This proposal makes it possible to specify domain transitions more precisely
without adding domain transition control directives to exception policy.