We have moved to a new Sailfish OS Forum. Please start new discussions there.
2

SElinux is only permissive / Security / Mandatory Access Control

asked 2020-03-05 14:52:53 +0300

Leon gravatar image

As stated here [1] the SElinux framework is shipped with SFOS. The blog post also says "with SELinux ... enabled". While taking a look at a Xperia 10 device with the latest SFOS I was surprised that SElinux is not enabled (enforcing). The current mode is "permissive" with a "minimum" policy loaded. The latter is due to the first implementation, though but the permissive mode downgrades this security feature to just log violations. Effectively it does not provide better security compared to older SFOS versions.

I would like to discuss the current security model of SFOS here.

Does any 3rd party has done an audit of SFOS already?


[1] https://blog.jolla.com/sailfish-os-update-torronsuo/

edit retag flag offensive close delete

1 Answer

Sort by » oldest newest most voted
10

answered 2020-03-05 16:50:54 +0300

schmittlauch gravatar image

If SElinux isn't enforcing its policy even in the mentioned parts of the system like system boot and MCE, this indeed requires some clarification.

Apart of that I am not surprised. As the current security model of Sailfish OS has some drawbacks, I did some research for Jolla on Mandatory Access Control and how to add it to Sailfish's security model. I haven't worked for Jolla anymore since then, but the proposed way roadmap for integrating SElinux was first shipping devices with a small policy and in permissive mode to gather data on how well the policy works, then continually evolving by starting to enforce parts of the policy and expand its scope.

Jolla has just recently started to even enable SElinux in various hardware adaptations, so it would seriously surprise me if they skipped that permissive step for Xperia 10.

edit flag offensive delete publish link more

Comments

5

IIRC this was also how SELinux was first deployed on Fedora many years ago. First some time in permisive mode + tuning the policy based on reports from users seeing policy violations in the log. Only when these were addressed SELinux was switched to enforcing by default on Fedora.

MartinK ( 2020-03-05 18:07:01 +0300 )edit

@schmittlauch - thanks for sharing your paper. I am on the way to read through it ...

The incremental method of bringing it into SFOS is absolutely the right way. I just was confused about the marketing speak in the blog post (enabled) versus the technical current state (not enforcing it).

Leon ( 2020-03-06 15:46:31 +0300 )edit
Login/Signup to Answer

Question tools

Follow
4 followers

Stats

Asked: 2020-03-05 14:52:53 +0300

Seen: 385 times

Last updated: Mar 05 '20