[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: the user space object manager code seems to fragile
From:       Dominick Grift <dac.override () gmail ! com>
Date:       2015-11-14 19:30:41
Message-ID: 20151114193040.GB14212 () x250
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sat, Nov 14, 2015 at 07:01:09PM +0100, Dominick Grift wrote:
> I want to bring to your attention that the user space object manager
> functionality/code of selinux is fragile and is a challenge
> 

Okay my apologies, this particular unordered class issue i just mentioned was my
fault. I accidently declared the access vector in a non-. namespace

Still though:

- - (old known issue) dmesg does not print unknown user space access vector
  handling. so it not easy to detect

- - dbus fails (even in permissive mode) because dbus object is not
  declared and selinux is enabled

Video of me troubleshooting this issue:

https://www.youtube.com/watch?v=FK-wnweI4YM

I still believe the user space object manager handling could be improved
a great deal.

- -- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
https://sks-keyservers.net/pks/lookup?op=get&search=0x314883A202DFF788
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCgAGBQJWR4vcAAoJENAR6kfG5xmcnw0MALvLVhLObPxqpROkiXHLqapP
x/sLU1te+g+uivW5D8iFWGOa9vjhxdb6AQtwOhRb1ogR+irx0FU9waoVoyPih1NE
UExWr9cmDQIGm3MxUQiQ/fDBnp7sMO9XgXAtJun0IKssog5hZnjprR72a3gXagWM
tS/LipF9oQY/sUW6/7p8XPuU/OtOcR3MnYTxmSCDBi0nEis7tvHrLmTTUq3MonxT
qacVv9ztoed3RSZxXjm30xR7xcwkapD1nKgnEOCLlKuwmCm2istgtp88HlwO/+ps
hXrFWAbFneBp8BQnMEbJ6rr9jKzoo+BKfk89hZOmnO2IJJ0YE3vr+4U9p59qsV+Y
FPloB4si8HMqM+OrRL3woNkZk00hDlrK3Bvxe88j8ynMOLV7f2hBdavgVc8fAyuJ
yaBoQbt+r6Dh9fwWEs0vjFZTqY3Hy2GGceIa7QrpFSRwEzZX2dhbFGFD4Ls8M69A
z1NLlgZrdiHyeyFrri83OUPs4PqeevTa5W7xt1lLKg==
=mPKd
-----END PGP SIGNATURE-----
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
[prev in list] [next in list] [prev in thread] [next in thread]