qpid-dev mailing list archives

From Carl Trieloff <cctriel...@redhat.com>
Subject Re: SELinux ACL Workflow
Date Wed, 13 May 2009 17:33:11 GMT

It seems ok to me. It would be good to see if there is any feedback on 
the SELinux list.

Carl.


Joshua Kramer wrote:
>
> Hello,
>
> I'd like commentary on the attached workflow for ACL using SELinux.
> I've also posted this to the SELinux mailing list. An easier-to-read
> version is attached as ODT and available in PDF via the Jira (QPID-1838).
>
> Thanks,
> -Josh
>
> I. Definitions
>    A. In this narrative, "this Subject" means the process connecting to qpid.
> II. Determine the Action.
>    A. If ACT_CREATE, ACT_DELETE:
>       i. Determine the object type. If OBJ_QUEUE, determine if it is a
>          server-side or client-side queue.
>       ii. Determine if the Context of this Subject permits it to CREATE or
>           DELETE Objects in the parent Object (i.e. are we allowed to
>           create queues in this broker?)
>          a) Determine this by searching the SELinux context list first by
>             finding the map corresponding to object_type, then the map
>             corresponding to the parent's name. (TODO: how do we determine
>             the parent from this object as passed in the Acl::authorise call?)
>          b) If this is not permitted, deny and return.
>       iii. If command is create and Context does permit object creation:
>          a) If this is OBJ_QUEUE
>             Does the Context of this Subject permit it to CREATE or DELETE
>             queues of the type noted in i above? TODO: how do we represent
>             "permitted to create server queue" and "permitted to create
>             client queue" in the SELinux context list?
>             If Context does permit creation:
>             Add an item in the SELinux context list for this object.
>             Inherit this Object's context from the parent, OR
>             Label according to the arguments passed in on the create call.
>             Create the Object
>             Return control
>             Otherwise deny creation of object.
>          b) If this is an OBJ_EXCHANGE,
>             Add an item in the SELinux context list for this object.
>             Inherit this Object's context from the parent, OR
>             Label according to the arguments passed in on the create call.
>             Create the Exchange.
>       iv. If command is delete and Context does permit object deletion:
>          Delete object as specified by method call.
>          Delete object's reference in the SELinux context list.
>    B. If ACT_CONSUME, ACT_PUBLISH, ACT_ACCESS, ACT_BIND, ACT_UNBIND,
>       ACT_DELETE, ACT_PURGE, ACT_UPDATE:
>       i. Determine if the Context of this Subject permits the noted action
>          on the target Object:
>          a) Search the map of object types; when the target Object's Type is found,
>          b) Search the resulting map for this Object's ID.
>          c) Call security_compute_av to determine if this Subject is
>             permitted to access the target Object with the Subject's context.
>       ii. If Yes: Allow
>       iii. If No: Deny
> ------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:dev-subscribe@qpid.apache.org
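
The lookup-then-decide flow from sections II.A (create) and II.B of the quoted workflow, as an added C++ example that is not part of the original thread or of Qpid's code. `ContextList`, `Decide`, `samplePolicy` and the short context strings are hypothetical, and `Decide` stands in for the `security_compute_av` query so the code runs without libselinux.

```cpp
#include <functional>
#include <map>
#include <string>
#include <utility>

// All names here are hypothetical; only the lookup order and the policy
// query step come from the workflow in the message.
enum class ObjType { Broker, Queue, Exchange };
enum class Action { Create, Delete, Consume, Publish };

// Stand-in for a libselinux security_compute_av() query: true when policy lets
// subject context scon perform act on an object of type t labelled tcon.
using Decide = std::function<bool(const std::string& scon, const std::string& tcon,
                                  ObjType t, Action act)>;

class ContextList {
    std::map<ObjType, std::map<std::string, std::string>> ctx_;  // type -> name -> context
    Decide decide_;
    const std::string* lookup(ObjType t, const std::string& name) const {
        auto byType = ctx_.find(t);
        if (byType == ctx_.end()) return nullptr;
        auto obj = byType->second.find(name);
        return obj == byType->second.end() ? nullptr : &obj->second;
    }
public:
    explicit ContextList(Decide d) : decide_(std::move(d)) {}
    void label(ObjType t, const std::string& name, const std::string& con) { ctx_[t][name] = con; }

    // II.B: type map, then object ID, then the policy query. Unknown objects are denied.
    bool authorise(const std::string& scon, Action act, ObjType t, const std::string& name) const {
        const std::string* tcon = lookup(t, name);
        return tcon && decide_(scon, *tcon, t, act);
    }
    // II.A create: query against the parent broker, then record the new object,
    // inheriting the parent's context unless a label was passed in.
    bool create(const std::string& scon, const std::string& broker, ObjType t,
                const std::string& name, const std::string& requested = "") {
        const std::string* pcon = lookup(ObjType::Broker, broker);
        if (!pcon || !decide_(scon, *pcon, t, Action::Create)) return false;
        std::string con = requested.empty() ? *pcon : requested;
        ctx_[t][name] = std::move(con);
        return true;
    }
};

// Constructed sample policy: app_t may do anything to qpid_t objects, guest_t may only consume.
bool samplePolicy(const std::string& scon, const std::string& tcon, ObjType, Action act) {
    if (tcon != "qpid_t") return false;
    return scon == "app_t" || (scon == "guest_t" && act == Action::Consume);
}
```

Because every decision goes through the context list, an object that was never labelled is denied rather than allowed by default.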

