Bug 250453

Summary: nasd opens sockets from communications in /tmp
Product: [Fedora] Fedora
Component: nas
Version: rawhide
Status: CLOSED NEXTRELEASE
Severity: high
Priority: high
Hardware: All
OS: Linux
Reporter: Daniel Walsh <dwalsh>
Assignee: Frank Büttner <bugzilla>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: nalin, rdieter, spng.yang
Doc Type: Bug Fix
Last Closed: 2007-08-11 17:34:17 UTC
Attachments (description, flags):
- Still some problems. This is the policy I will go with (flags: none)
- Interface file (flags: none)
- TE File (flags: none)

Description Daniel Walsh 2007-08-01 18:06:40 UTC
Description of problem:

This is a bad idea.  It blows up stuff like polyinstantiated /tmp directories.
Also opens your system to potential security violations if multiple users can
share tmp; I could trick the nasd server program into doing something bad.
Socket communications with userspace should be done through /var/run, the way
dbus does it.
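
Added example, not part of the original report or of the nas package: a defender-side check that walks the directories above a Unix socket path and reports any that another local user can write to or owns, which is the property that separates /tmp/.sockets/audio10 from a socket under /var/run/nasd. The function names, the allowed-uid default and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def shared_ancestors(sock_path, trusted_root="/", allowed_uids=None):
    """List directories between trusted_root and the socket that another
    local user can write to or owns, outermost first."""
    if allowed_uids is None:
        allowed_uids = {0, os.geteuid()}  # assumption: root plus the daemon's user
    root = os.path.abspath(trusted_root)
    current = os.path.dirname(os.path.abspath(sock_path))
    if os.path.commonpath([root, current]) != root:
        raise ValueError("socket path is not below trusted_root")
    findings = []
    while current != root:
        st = os.stat(current)  # follows symlinks such as /var/run -> /run
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # The sticky bit stops deletion by others, not creation: any user
            # can pre-create the socket name before the daemon binds it.
            findings.append((current, "writable by group/other"))
        elif st.st_uid not in allowed_uids:
            findings.append((current, "owned by uid %d" % st.st_uid))
        current = os.path.dirname(current)
    return findings[::-1]

def build_sample_tree():
    """Constructed layout mirroring the two locations discussed in the bug."""
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "tmp", ".sockets")
    private = os.path.join(base, "var", "run", "nasd")
    os.makedirs(shared)
    os.makedirs(private)
    os.chmod(os.path.join(base, "tmp"), 0o1777)  # world-writable, like /tmp
    os.chmod(shared, 0o755)
    for d in (os.path.join(base, "var"), os.path.join(base, "var", "run"), private):
        os.chmod(d, 0o755)                       # only the owner may create entries
    return base, os.path.join(shared, "audio10"), os.path.join(private, "audio10")

if __name__ == "__main__":
    base, shared_sock, private_sock = build_sample_tree()
    for sock in (shared_sock, private_sock):
        print(sock, shared_ancestors(sock, trusted_root=base))
```

On a real host, call `shared_ancestors()` with the default `trusted_root="/"` and the path the daemon actually binds.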

Comment 1 Ken YANG 2007-08-02 06:26:50 UTC
Nothing but adding myself to the CC list.

BTW, I agree with what Daniel said.

Comment 2 Frank Büttner 2007-08-02 17:23:19 UTC
I will look at it on the weekend.

Comment 3 Frank Büttner 2007-08-11 15:47:38 UTC
Do you mean /tmp/.sockets/audio10?

Comment 4 Frank Büttner 2007-08-11 17:34:17 UTC
So I built a patch and added it to the devel repo. Please verify it.

Comment 5 Ken YANG 2007-08-16 10:20:56 UTC
I have modified the SELinux soundserver policy, based on Frank's bugfix:

http://marc.info/?l=fedora-selinux-list&m=118725875506751&w=2

Please review it.

Comment 6 Frank Büttner 2007-08-16 17:09:11 UTC
It looks OK to me.

Comment 7 Daniel Walsh 2007-08-20 21:02:54 UTC
Created attachment 161919 [details]
Still some problems.  This is the policy I will go with

Comment 8 Daniel Walsh 2007-08-20 21:03:22 UTC
Created attachment 161920 [details]
Interface file

Comment 9 Daniel Walsh 2007-08-20 21:03:49 UTC
Created attachment 161921 [details]
TE File

Comment 10 Ken YANG 2007-08-21 03:02:25 UTC
Hi Walsh,

I saw your modifications, and had four questions:

1
Why use soundd_socket_t instead of soundd_var_run_t? There is no
soundd_socket_t used in the soundserver policy module.

2
In soundserver_read_socket_files(), why change the type requires, but in
the allow rules still use soundd_var_run_t?

3
Why add manage_files_pattern()? Originally, audio$n is labeled in fc
as a socket file, and there is manage_socket_files_pattern().

4
Why add "file sock_file" in files_pid_filetrans()? I think "dir" is
enough; the socket audio$n created in /var/run/nasd will be labeled with
the containing directory.


Comment 11 Daniel Walsh 2007-08-21 17:18:40 UTC
1, 2: you're right, I guess I should have gone home earlier.  Too much SELinux policy
work :^(
Should be soundd_var_run_t

3.  What about the actual pid file?

4.  OK, removed.



Comment 12 Ken YANG 2007-08-22 02:40:44 UTC
I know the merge work of policy is huge, with so many details you must
carry. I hope I can help you.

Yes, you are right.

Maybe I have not understood completely what pidfile means.

I searched the policy source, and I found most pidfiles (calling files_pid_file())
are *_var_run_t (socket file), or a real pid file (e.g. auditd.pid).

So I guess what the term "pidfile" means is: pidfiles are all files
which only belong to the current process.

Is my guess right?

Comment 13 Daniel Walsh 2007-08-22 12:52:22 UTC
Yes, I think it is poorly named.  This function is for all files/dir/sockets
created in var_run.  Usually this is only the pid file.