Bug 99234

Summary: dbus should use raw SELinux contexts
Product: dbus
Reporter: Laurent Bigonville <bigon>
Component: core
Assignee: D-Bus Maintainers <dbus>
Status: RESOLVED WONTFIX
QA Contact: D-Bus Maintainers <dbus>
Severity: normal
Priority: medium
Version: git master
Hardware: Other
OS: All

Description Laurent Bigonville 2016-12-31 03:40:09 UTC
Hello,

So I'm opening an upstream bug regarding https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849748

I also think that the raw variant of these functions should be used for the internal representations of the security context in dbus. SELinux upstream seems to think the same (https://www.mail-archive.com/selinux@tycho.nsa.gov/msg03605.html). The translated sensitivity/categories should IMHO only be used when shown to the user (ls/id/ps/...).

Regarding the possible regressions, the biggest SELinux implementation (CentOS/Fedora/RHEL) has not shipped the daemon (mcstrans) doing the translation for years. So I don't think they will face a lot of complaints.
I think the only place where dbus should care about the translated name is when it's reading the "<associate>" node from a config file.

Also note that (when mcstrans is running) the translation has a performance penalty as it needs to talk to the daemon using a Unix socket.

Comment 1 Simon McVittie 2017-01-02 10:23:41 UTC
(In reply to Laurent Bigonville from comment #0)
> I also think that the raw variant of these functions should be used for the
> internal representations of the security context in dbus. SELinux upstream
> seems to think the same
> (https://www.mail-archive.com/selinux@tycho.nsa.gov/msg03605.html). The
> translated sensitivity/categories should IMHO only be used when shown to the
> user (ls/id/ps/...).

As far as I'm aware, GetConnectionSELinuxSecurityContext() has always returned what it currently returns (which is not well-documented, and someone who knows SELinux better than I do should fix Bug #84193). Changing this would be an incompatible change, and does not seem appropriate for a stable-branch.

If a caller wants the raw string from the SO_PEERSEC getsockopt, which AIUI is what you are asking for, then they can call GetConnectionCredentials() (which is also more efficient, if they are also interested in the uid or pid, which in practice they probably are).

Comment 2 Simon McVittie 2017-09-25 18:54:39 UTC
(In reply to Simon McVittie from comment #1)
> As far as I'm aware, GetConnectionSELinuxSecurityContext() has always
> returned what it currently returns (which is not well-documented, and
> someone who knows SELinux better than I do should fix Bug #84193).

-> WONTFIX for this incompatible change.

Or please reopen this with proposed patches if there are other places in dbus that use translated SELinux contexts where they should prefer raw.

I'm considering the original Debian bug to have been solved by systemd-logind v234 using GetConnectionCredentials().
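
Added example, not part of the bug thread or of dbus itself: how a caller of GetConnectionCredentials() (comments 1 and 2) might decode the `LinuxSecurityLabel` entry, which the D-Bus specification defines as a byte array ending in a single NUL, and confirm the MLS/MCS range is in raw kernel syntax before using it in a comparison. The function names and sample labels are constructed for illustration; `SystemLow-SystemHigh` is the stock mcstrans translation of `s0-s0:c0.c1023`.

```python
import re

# Raw MLS/MCS level as the kernel reports it: sensitivity sN plus an
# optional category set, e.g. "s0", "s0:c0.c1023", "s0:c1,c3.c5".
_RAW_LEVEL = re.compile(r"s\d+(:c\d+([.,]c\d+)*)?")


def decode_label(label_bytes):
    """Decode a LinuxSecurityLabel value (bytes or a list of ints).

    The array holds the label followed by exactly one trailing NUL byte.
    """
    raw = bytes(label_bytes)
    if not raw.endswith(b"\x00") or b"\x00" in raw[:-1]:
        raise ValueError("label must end with exactly one NUL byte")
    return raw[:-1].decode("ascii")


def split_context(context):
    """Split user:role:type[:range]; the range may itself contain ':'."""
    parts = context.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError("not an SELinux context: %r" % context)
    mls = parts[3] if len(parts) == 4 else None
    return parts[0], parts[1], parts[2], mls


def is_raw_range(mls):
    """True if the range is low[-high] with both levels in raw syntax."""
    if mls is None:  # policy without MLS/MCS: nothing to translate
        return True
    return all(_RAW_LEVEL.fullmatch(level) for level in mls.split("-", 1))


def raw_context_from_credentials(label_bytes):
    """Return (user, role, type, range), rejecting translated ranges."""
    fields = split_context(decode_label(label_bytes))
    if not is_raw_range(fields[3]):
        raise ValueError("translated MLS range, refusing to compare: %r" % fields[3])
    return fields


if __name__ == "__main__":
    # Constructed sample labels, not captured from a real bus.
    print(raw_context_from_credentials(b"system_u:system_r:xdm_t:s0-s0:c0.c1023\x00"))
    print(is_raw_range("SystemLow-SystemHigh"))
```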
