Tetsuo Handa
from-****@I-lov*****
Thu Jun 2 21:41:24 JST 2011
Jamie Nguyen wrote:
> Actually, I think it is less than ideal that we have a different
> directive for exception policy, but are re-using
> "auto_domain_transition" and "task manual_domain_transition". It makes
> sense to re-use, so is there a way we can re-use initialize_domain?
> Such as:
>
> initialize_domain <$namespace> /usr/bin/foo from any
>
> (where omission of <$namespace> implies that it remains in the same namespace).

Omission of <$namespace> cannot imply that it remains in the same namespace, for "initialize_domain" is currently used (and should not be changed, at least within TOMOYO 1.8.x) as a directive that causes transition to the "<current_namespace> /usr/bin/foo" domain. It is very strange that

  initialize_domain <$namespace> /usr/bin/foo from any

transits to the "<$namespace>" domain whereas

  initialize_domain /usr/bin/foo from any

transits to the "<current_namespace> /usr/bin/foo" domain. Therefore,

  initialize_domain <$namespace> /usr/bin/foo from any

would have to transit to the "<$namespace> /usr/bin/foo" domain rather than the "<$namespace>" domain. I think users want to start from the "<$namespace>" domain.

Technically, it is a matter of adding policy parser code. By reusing the existing policy parser by adding a new directive that receives the same parameters, we can avoid adding policy parser code. Since "initialize_domain" and "keep_domain" already share the same policy parser code, adding (e.g.) "restart_domain" is ideal from the point of view of code size. (Of course, I will add/expand policy parser code if there are good reasons.)

> Perhaps then I will revitalize my original push for
> "initialize_namespace" (sorry Toshiharu!) for two reasons.

I'm trying to support namespaces with minimum changes. Thus, adding a new directive that receives the same parameters is ideal for me if it is acceptable.

> Secondly, it implies that the directive is similar in action to
> "initialize_domain", which controls domain transition on program
> execution.

I think "restart_domain" (or "reset_domain") can imply that the directive is similar in action to "initialize_domain", which controls domain transition on program execution.

> The problem with ***_domain is that it doesn't really imply that the
> domain is in another namespace. It isn't as self explanatory as
> ***_namespace is.

Indeed. But why do you care "whether the domain is within the current namespace or not" for only the program execution case? We are (as of r5081) allowing transition to both domains within the current namespace and domains outside the current namespace for the "task manual_domain_transition" case and the "auto_domain_transition=" case without distinction. If you do want to distinguish for the program execution case, I think we also need to distinguish the "task manual_domain_transition" case and the "auto_domain_transition=" case, and add a syntax validator that rejects domainnames that do not match the constraint (e.g. a "task manual_domain_transition" that refers to a domain outside the current namespace is illegal); I'm not willing to do so since the amount of code is not trivial. The reason I decided to reuse "task manual_domain_transition" for transition to both domains within the current namespace and domains outside the current namespace is that I felt that the validator code is not worth adding to the kernel and should be avoided.

> Firstly,
> this directive implies that the domain is in another namespace.

Since "task manual_domain_transition" and "auto_domain_transition=" can transit to other namespaces, it is natural for me that "restart_domain" can transit to other namespaces.

"initialize_domain /usr/sbin/httpd from any" is interpreted as: the process will transit to the "<current_namespace> /usr/sbin/httpd" domain if /usr/sbin/httpd is executed from arbitrary domains in the current namespace, and "keep_domain /usr/sbin/httpd from any" is interpreted as: the process will keep the current domain if /usr/sbin/httpd is executed from arbitrary domains in the current namespace.

"restart_domain /usr/sbin/httpd from any" will be interpreted as: the process will transit to the "</usr/sbin/httpd>" domain if /usr/sbin/httpd is executed from arbitrary domains in the current namespace.
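An illustrative model of the three transitions described at the end of the post (added here for the thread; it is not TOMOYO's parser or kernel code). It assumes a domain name is "<namespace> program ...", that "from any" matches every source domain, and that with no matching directive the child domain is the parent domain with the program appended, which is TOMOYO's default behaviour.

```python
"""Model of initialize_domain / keep_domain / restart_domain semantics.

Assumptions (not from TOMOYO itself):
  - a domain name is "<namespace> prog [prog ...]", namespace first
  - the source pattern "any" matches every domain; otherwise exact match
  - without a matching directive, the child domain is parent + " " + program
"""
import re
from typing import List, Tuple

Rule = Tuple[str, str, str]  # (directive, program, source-domain pattern)

RULE_RE = re.compile(
    r"(initialize_domain|keep_domain|restart_domain) (\S+) from (.+)")


def parse_rule(line: str) -> Rule:
    """Parse one exception-policy line such as
    'initialize_domain /usr/sbin/httpd from any'."""
    m = RULE_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unsupported exception-policy line: {line!r}")
    return m.group(1), m.group(2), m.group(3)


def namespace_of(domain: str) -> str:
    """'<kernel> /usr/sbin/sshd' -> '<kernel>'."""
    return domain.split(" ", 1)[0]


def source_matches(pattern: str, domain: str) -> bool:
    return pattern == "any" or pattern == domain


def transition(domain: str, program: str, rules: List[Rule]) -> str:
    """Domain the process lands in after `domain` executes `program`."""
    ns = namespace_of(domain)
    for directive, prog, src in rules:
        if prog != program or not source_matches(src, domain):
            continue
        if directive == "initialize_domain":
            return f"{ns} {program}"   # restart inside the current namespace
        if directive == "keep_domain":
            return domain              # no transition at all
        if directive == "restart_domain":
            return f"<{program}>"      # proposed: start a fresh namespace
    return f"{domain} {program}"       # default: append program to parent


if __name__ == "__main__":
    for line in ("initialize_domain /usr/sbin/httpd from any",
                 "keep_domain /usr/sbin/httpd from any",
                 "restart_domain /usr/sbin/httpd from any"):
        print(line, "->", transition("<kernel> /usr/sbin/sshd",
                                     "/usr/sbin/httpd", [parse_rule(line)]))
```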