selinux-notebook: describe nosuid and NNP transitions

[topimiettinen]

Describe cases where nosuid_transition or nnp_transition are needed.

Signed-off-by: Topi Miettinen toiwoton@gmail.com

[thulay880]

topimiettinen:describe-nosuid-nnp

[thulay880]

From b601156c96e5e55f23c54808c555183a810d2dbf Mon Sep 17 00:00:00 2001 From: Topi Miettinen toiwoton@gmail.com Date: Sat, 12 Jun 2021 11:02:53 +0300 Subject: [PATCH] selinux-notebook: describe nosuid and NNP transitions

Describe cases where nosuid_transition or nnp_transition are needed.

Signed-off-by: Topi Miettinen toiwoton@gmail.com

src/computing_security_contexts.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/computing_security_contexts.md b/src/computing_security_contexts.md index bb946b5..7bd1d87 100644 --- a/src/computing_security_contexts.md +++ b/src/computing_security_contexts.md @@ -84,7 +84,14 @@ Processes inherit their security context as follows: default_type (policy version 28) or if a security-aware process, by calling setexeccon(3) if permitted by policy prior to invoking exec. -3. At any time, a security-aware process may invoke setcon(3) to +3. If the file system is mounted with nosuid flag, type transitions

• require permission nosuid_transition. If the thread has
• no_new_privs attribute set, the transition requires
• nnp_transition. For both transitions, policy capability
• nnp_nosuid_transition is also required. See also
• Linux Security Module and SELinux
• section. +4. At any time, a security-aware process may invoke setcon(3) to switch its security context (if permitted by policy) although this practice is generally discouraged - exec-based transitions are preferred.

[thulay880]

diff --git a/src/computing_security_contexts.md b/src/computing_security_contexts.md index bb946b5..7bd1d87 100644 --- a/src/computing_security_contexts.md +++ b/src/computing_security_contexts.md @@ -84,7 +84,14 @@ Processes inherit their security context as follows: default_type (policy version 28) or if a security-aware process, by calling setexeccon(3) if permitted by policy prior to invoking exec. -3. At any time, a security-aware process may invoke setcon(3) to +3. If the file system is mounted with nosuid flag, type transitions

• require permission nosuid_transition. If the thread has
• no_new_privs attribute set, the transition requires
• nnp_transition. For both transitions, policy capability
• nnp_nosuid_transition is also required. See also
• Linux Security Module and SELinux
• section. +4. At any time, a security-aware process may invoke setcon(3) to switch its security context (if permitted by policy) although this practice is generally discouraged - exec-based transitions are preferred.

[pcmoore]

Thanks @topimiettinen but you only need to submit a patch/PR via one mechanism: the mailing list or GitHub. Posting it to both just confused my tired brain :)

I'm going to close this out so we can continue the discussion on the mailing list.