Difference between revisions of "SVNserver"

From SELinux Wiki
Jump to: navigation, search
Line 21: Line 21:
 
                 role $2;                       
 
                 role $2;                       
 
         ')                                     
 
         ')                                     
 
 
         domtrans_pattern($1,svn_exec_t,svn_t)
 
         domtrans_pattern($1,svn_exec_t,svn_t)
 
         role $2 types svn_t;                 
 
         role $2 types svn_t;                 
 
  ')                                           
 
  ')                                           
 
 
  interface(`svnadmin_domtrans',`                     
 
  interface(`svnadmin_domtrans',`                     
 
         gen_require(`                               
 
         gen_require(`                               
Line 31: Line 29:
 
                 role $2;                             
 
                 role $2;                             
 
         ')                                           
 
         ')                                           
 
 
         domtrans_pattern($1,svnadmin_exec_t,svnadmin_t)
 
         domtrans_pattern($1,svnadmin_exec_t,svnadmin_t)
 
         role $2 types svnadmin_t;
 
         role $2 types svnadmin_t;
Line 44: Line 41:
 
                 class dir { manage_dir_perms };
 
                 class dir { manage_dir_perms };
 
         ')
 
         ')
 
 
         allow $1 svndata_t : file { manage_file_perms };
 
         allow $1 svndata_t : file { manage_file_perms };
 
         allow $1 svndata_t : dir { manage_dir_perms };
 
         allow $1 svndata_t : dir { manage_dir_perms };

Revision as of 08:27, 13 March 2010

Use case: SVN server

How I built a SELinux based server that holds the SVN repos of all our projects. Same thought patterns can be applied to securing any other sharing technology, not just SVN.

Requirements

  1. SVN should be confined to its own domain
  2. Access to SVN should be provided via SSH
  3. SVN data should be labeled by own type with only SVN having access to them
  4. Various SVN repos should be restricted only to certain people (ie. the project members)
  5. Within this restriction, some people should be granted read-only access
  6. Regular backups!

The policy module

I based the server on Debian 5.0, therefore I was dealing with quite an old release of refpolicy 2:0.0.20080702-16 (even for the launch time of the distro). Much water has passed since then so some things might need adjusting for newer refpolicies (I'll indicate those I know about).

The SVN module is pretty straightforward once you match the requirements to known macros. I'll start with the interface because it makes a line to follow.

interface(`svn_domtrans',`                     
       gen_require(`                          
               type svn_t, svn_exec_t, $1;    
               role $2;                       
       ')                                     
       domtrans_pattern($1,svn_exec_t,svn_t)
       role $2 types svn_t;                 
')                                           
interface(`svnadmin_domtrans',`                     
       gen_require(`                               
               type svnadmin_t, svnadmin_exec_t, $1;
               role $2;                             
       ')                                           
       domtrans_pattern($1,svnadmin_exec_t,svnadmin_t)
       role $2 types svnadmin_t;
')

The first two macros are the classical 'allow-$1 to transition to another type and add that type to their $2 role'.

interface(`svn_manage_data',`
       gen_require(`
               type svndata_t, $1;
               class file { manage_file_perms };
               class dir { manage_dir_perms };
       ')
       allow $1 svndata_t : file { manage_file_perms };
       allow $1 svndata_t : dir { manage_dir_perms };
')

This macro will grant the $1 type access to manipulate our precious SVN repos.