[tomoyo-users-en 229] Policy compatibility between AKARI and TOMOYO Linux 1.8

Jamie Nguyen dysco****@gmail*****
Fri Nov 5 08:48:19 JST 2010


This is a summary between me and Tetsuo Handa, which I inadvertently
did not post onto the mailing list.

Unquoted text is Tetsuo's response to my question.

> I have one further question. If I were to install AKARI and create a
> set of policies, would these policies then work without change when
> running a kernel compiled with TOMOYO Linux 1.8.x on the same system?

If your kernel is 2.6.33 or higher and is built with CONFIG_SECURITY_PATH=y,
I think it will be possible to reuse policies regarding file access control
part. To do so, you will need to define profile as

 $profilenumber-CONFIG::network={ mode=disabled }
 $profilenumber-CONFIG::ipc={ mode=disabled }
 $profilenumber-CONFIG::capability={ mode=disabled }

in addition to

 $profilenumber-CONFIG={ mode=... }

.

If your kernel is built with CONFIG_SECURITY_NETWORK=y,
I think it will be possible to reuse policies regarding network access control
part. To do so, you will need to define profile as

 $profilenumber-CONFIG::network::inet_dgram_recv={ mode=disabled }
 $profilenumber-CONFIG::network::inet_raw_recv={ mode=disabled }
 $profilenumber-CONFIG::network::unix_dgram_recv={ mode=disabled }

in addition to

 $profilenumber-CONFIG::network={ mode=... }

.

If you used "auto_domain_transition=" keyword with accept() permission,
the policies may not be reusable because the timing AKARI checks accept()
permission and TOMOYO checks accept() permission are different.

> If this is possible, then I also assume that a set of policies created
> when running TOMOYO Linux 1.8 will also work when running AKARI, as
> long as rule enforcements that are not supported by AKARI are not
> used.

I think it works only if your kernel is 2.6.33 or higher and is built with
CONFIG_SECURITY_PATH=y.

If CONFIG_SECURITY_PATH=y, both AKARI and TOMOYO check directory modification
permissions like

 file create /path/to/file/from/namespace's/root

and therefore policy will be reusable.

If CONFIG_SECURITY_PATH=n, AKARI checks directory modification permissions like

 file create dev($major,$minor):/path/to/file

whereas TOMOYO checks directory modification permissions like

 file create /path/to/file/from/namespace's/root

and therefore policy will not be reusable.

But these explanations are from what I expect (rather than what I confirmed).
Please test in both environments if you want to make reusable policies.

Regards.
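
The reuse conditions listed in the message above, written as a pre-migration check. This is an added example, not part of the original message or of the AKARI/TOMOYO tools, and it encodes what the message describes as expected rather than confirmed behaviour. The function names, the sample inputs and the assumption that network rules begin with the keyword "network" are illustrative.

```python
import re

# Pathname form the message attributes to AKARI when CONFIG_SECURITY_PATH=n.
DEV_PATH = re.compile(r"\bdev\(\d+,\d+\):/")

def enabled_options(kconfig_text):
    """Return the CONFIG_* symbols set to 'y' in a kernel .config."""
    return set(re.findall(r"^(CONFIG_\w+)=y$", kconfig_text, re.M))

def kernel_at_least(release, minimum=(2, 6, 33)):
    """Compare a `uname -r` style string with a minimum version."""
    nums = [int(n) for n in re.findall(r"\d+", release.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums))) >= minimum

def check_reuse(release, kconfig_text, policy_text):
    """List reasons the policy may not carry over between AKARI and TOMOYO 1.8."""
    enabled = enabled_options(kconfig_text)
    lines = policy_text.splitlines()
    findings = []
    if not kernel_at_least(release):
        findings.append("kernel is older than 2.6.33")
    if "CONFIG_SECURITY_PATH" not in enabled:
        findings.append("CONFIG_SECURITY_PATH is not =y")
    # Assumption: network rules start with the keyword "network".
    if (any(l.lstrip().startswith("network ") for l in lines)
            and "CONFIG_SECURITY_NETWORK" not in enabled):
        findings.append("network rules present but CONFIG_SECURITY_NETWORK is not =y")
    for n, line in enumerate(lines, 1):
        if DEV_PATH.search(line):
            findings.append(f"line {n}: dev(major,minor): pathname")
        if "auto_domain_transition=" in line and re.search(r"\baccept\b", line):
            findings.append(f"line {n}: auto_domain_transition= on accept")
    return findings

# Constructed sample inputs, not taken from a real system.
SAMPLE_KCONFIG = """CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
"""
SAMPLE_POLICY = """<kernel> /usr/sbin/exampled
file create dev(8,1):/var/run/exampled.pid
file create /var/log/exampled.log
network inet stream accept 127.0.0.1 1024-65535 auto_domain_transition="<kernel> //accepted"
"""

if __name__ == "__main__":
    for finding in check_reuse("2.6.32-5-amd64", SAMPLE_KCONFIG, SAMPLE_POLICY):
        print(finding)
```

An empty result only means none of the conditions named in the message were hit; testing the policy in both environments is still needed.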



