Difference between revisions of "SVNserver"

From SELinux Wiki
Revision as of 08:26, 13 March 2010

Use case: SVN server

How I built an SELinux-based server that holds the SVN repos of all our projects. The same thought pattern can be applied to securing any other sharing technology, not just SVN.

Requirements

  1. SVN should be confined to its own domain
  2. Access to SVN should be provided via SSH
  3. SVN data should be labeled by own type with only SVN having access to them
  4. Various SVN repos should be restricted only to certain people (i.e. the project members)
  5. Within this restriction, some people should be granted read-only access
  6. Regular backups!

The policy module

I based the server on Debian 5.0, so I was dealing with quite an old release of refpolicy, 2:0.0.20080702-16 (old even at the launch time of the distro). Much water has passed under the bridge since then, so some things may need adjusting for newer refpolicies (I'll point out those I know about).

The SVN module is pretty straightforward once you match the requirements to known macros. I'll start with the interface file, because it gives a thread to follow.

interface(`svn_domtrans',`
       gen_require(`
               type svn_t, svn_exec_t, $1;
               role $2;
       ')
       # when $1 executes a file labeled svn_exec_t, the process lands in svn_t
       domtrans_pattern($1,svn_exec_t,svn_t)
       # the caller's role must also be allowed svn_t, or RBAC denies the transition
       role $2 types svn_t;
')
interface(`svnadmin_domtrans',`
       gen_require(`
               type svnadmin_t, svnadmin_exec_t, $1;
               role $2;
       ')
       # same pattern for svnadmin: svnadmin_exec_t is the entrypoint into svnadmin_t
       domtrans_pattern($1,svnadmin_exec_t,svnadmin_t)
       role $2 types svnadmin_t;
')

The first two macros are the classical 'allow $1 to transition into another domain when it executes that domain's entrypoint, and add that domain to the caller's $2 role'.

interface(`svn_manage_data',`
       gen_require(`
               type svndata_t, $1;
               class file { manage_file_perms };
               class dir { manage_dir_perms };
       ')
       # manage_*_perms expand to create/read/write/append/rename/link/unlink/setattr
       # (plus add_name/remove_name/rmdir for directories), i.e. full control of the repos
       allow $1 svndata_t : file { manage_file_perms };
       allow $1 svndata_t : dir { manage_dir_perms };
')

This macro grants the $1 type full create/read/write/rename/delete access to our precious SVN repos, i.e. to every file and directory labeled svndata_t.
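To show where the types these three interfaces gen_require() are declared and how a login shell gets handed the two entry points, here is a minimal svn.te/svn.fc pair. It is an added example, not the wiki author's module and not refpolicy's own code. The caller domain and role (user_t/user_r), the binary and repository paths, and the availability of application_domain() are assumptions; requirements 2, 4 and 5 (the ssh plumbing, per-repo membership and read-only access) are deliberately left out of this fragment.

```selinux
########################################
# svn.te -- added example, not the wiki author's module.  Supplies the
# declarations the interfaces above gen_require() and the calls that
# wire a login shell domain into the confined SVN domains.
# Assumptions: caller domain/role is user_t/user_r; your refpolicy has
# application_domain() (on older trees use domain_type() plus
# domain_entry_file() instead).
########################################

policy_module(svn, 1.0.0)

########################################
# Declarations
#

# svnserve: the domain a user ends up in when ssh runs "svnserve -t"
type svn_t;
type svn_exec_t;
application_domain(svn_t, svn_exec_t)

# svnadmin: repository creation, dumps and hotcopies (the backups of req. 6)
type svnadmin_t;
type svnadmin_exec_t;
application_domain(svnadmin_t, svnadmin_exec_t)

# the repositories; nothing but the two domains above is given access to them
type svndata_t;
files_type(svndata_t)

########################################
# Local policy
#

# req. 3: only the SVN domains manipulate svndata_t
svn_manage_data(svn_t)
svn_manage_data(svnadmin_t)

# Hand the login domain the two entry points.  The interfaces gen_require
# their $1 and $2, so calling them from inside this module (rather than
# from the module that declares user_t) keeps the declare/require split
# clean: user_t and user_r are only ever required here, never declared.
svn_domtrans(user_t, user_r)
svnadmin_domtrans(user_t, user_r)

########################################
# svn.fc -- added example; the paths are assumptions, verify them with
# "dpkg -L subversion" before labeling.
#
/usr/bin/svnserve	--	gen_context(system_u:object_r:svn_exec_t,s0)
/usr/bin/svnadmin	--	gen_context(system_u:object_r:svnadmin_exec_t,s0)
/srv/svn(/.*)?			gen_context(system_u:object_r:svndata_t,s0)
```

Build it against the installed policy headers (on Debian that is selinux-policy-dev; the include path, typically /usr/share/selinux/default/include/Makefile, is an assumption), load it with `semodule -i svn.pp`, relabel with `restorecon -Rv /srv/svn /usr/bin/svnserve /usr/bin/svnadmin` and confirm the labels with `ls -Z`. A quick check that the first two interfaces did their job is `sesearch -T -s user_t -t svn_exec_t`, which should report a type_transition from user_t to svn_t on svn_exec_t; if it is missing, the role line or the domtrans_pattern did not make it into the module.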