refpolicy icon indicating copy to clipboard operation
refpolicy copied to clipboard
verified publisher icon SELinuxProject

Rework shadow transitions and access

Open aerusso opened this issue 11 months ago • 4 comments

shadow access is tightly controlled, with separate types for the shadow files and the locks. This patch distinguishes the two by enumerating the backup filenames and lock file names in their associated file transition rules.

Prior to this, the overbroad file transition rules would cause various shadow-manipulating tools to create lock files with the incorrect shadow_t label.

aerusso avatar May 10 '25 13:05 aerusso

I adjusted the rw_files_pattern macro to allow searching /etc (etc_t), and I think that's causing the lint failure. Should I just have it grant the useless dir search permission for shadow_lock_t, and expect that the etc_t search permission is granted by some other rule?

aerusso avatar May 10 '25 13:05 aerusso

With these changes have to tested changing a users' password (twice - due to files created after the first change)? And keep in mind that things behave differently in enforcing vs. permissive.

dsugar100 avatar May 13 '25 02:05 dsugar100

I've also included some dpkg-specific changes, but (despite running Debian) have not tested them. This is in the final patch, and is motivated by a a read of the update-passwd.c source file.

aerusso avatar May 19 '25 03:05 aerusso

I think this is in good shape, though there were a few points I was unclear on. Sorry if I'm being dense on those!

aerusso avatar Jul 19 '25 22:07 aerusso