Bug 99234 - dbus should use raw SELinux contexts
Summary: dbus should use raw SELinux contexts
Status: RESOLVED WONTFIX
Alias: None
Product: dbus
Classification: Unclassified
Component: core (show other bugs)
Version: git master
Hardware: Other All
: medium normal
Assignee: D-Bus Maintainers
QA Contact: D-Bus Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-31 03:40 UTC by Laurent Bigonville
Modified: 2017-09-25 18:54 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Laurent Bigonville 2016-12-31 03:40:09 UTC 
Hello,

So I'm opening an upstream bug regarding https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849748

I also think that the raw variant of these functions should be used for the internal representations of the security context in dbus. SELinux upstream seems to think the same (https://www.mail-archive.com/selinux@tycho.nsa.gov/msg03605.html). The translated sensitivity/categories should IMHO only be used when shown to the user (ls/id/ps/...).

Regarding the possible regressions, the biggest selinux implementation (Centos/fedora/RHEL) is not shipping with the daemon (mcstrans) doing the translation for years. So I don't think they will face a lot of complains.
I think the only place where dbus should care about the translated name is when it's reading the "<associate>" node from a config file.

Also note that (when msctrans is running) the translation has a performance penalty has it needs to talk to the daemon using a unix socket.
Comment 1 Simon McVittie 2017-01-02 10:23:41 UTC 
(In reply to Laurent Bigonville from comment #0)
> I also think that the raw variant of these functions should be used for the
> internal representations of the security context in dbus. SELinux upstream
> seems to think the same
> (https://www.mail-archive.com/selinux@tycho.nsa.gov/msg03605.html). The
> translated sensitivity/categories should IMHO only be used when shown to the
> user (ls/id/ps/...).

As far as I'm aware, GetConnectionSELinuxSecurityContext() has always returned what it currently returns (which is not well-documented, and someone who knows SELinux better than I do should fix Bug #84193). Changing this would be an incompatible change, and does not seem appropriate for a stable-branch.

If a caller wants the raw string from the SO_PEERSEC getsockopt, which AIUI is what you are asking for, then they can call GetConnectionCredentials() (which is also more efficient, if they are also interested in the uid or pid, which in practice they probably are).
Comment 2 Simon McVittie 2017-09-25 18:54:39 UTC 
(In reply to Simon McVittie from comment #1)
> As far as I'm aware, GetConnectionSELinuxSecurityContext() has always
> returned what it currently returns (which is not well-documented, and
> someone who knows SELinux better than I do should fix Bug #84193).

-> WONTFIX for this incompatible change.

Or please reopen this with proposed patches if there are other places in dbus that use translated SELinux contexts where they should prefer raw.

I'm considering the original Debian bug to have been solved by systemd-logind v234 using GetConnectionCredentials().

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.