# Security solution with SELinux (MAC)?

## pietinger

A computer system needing hundreds of rules is not secure (old Egyptian saying, 6000 B.C.)   :Smile: 

Hello everyone,

in the last month I read about SELinux and its implementation of mandatory access control (MAC). I also read the source code of "smack", but it didn't help me with my problem.

First of all, I have to explain what I mean by "security" ... for me. It's not preventing my son from deleting /etc/*; Linux handles this with its DAC quite well. I also need no Bell-LaPadula model. Security means (for me): preventing evil (and/or buggy) programs (applications, apps) from doing things I don't want. I thought a lot about how I would be able to translate my wish(es) into some rules for Linux. (I will use the subject/object model from MAC):

1. I want to browse my /home/peter/topsecret.txt-file

 => Peter (subject) -> evil_Browser (object/subject) -> txt-file (object) = OK

2. I want to browse the Web and visit "www.nsa.gov"

 => Peter (subject) -> evil_Browser (object/subject) -> Internet (object) = OK

3. I DON'T want my "evil_browser" to be able to send my file over TCP/IP when using it

 => Peter (subject) -> evil_Browser (object/subject) -> txt-file (object) -> Internet (object) = NOK

So, it is no solution to deny me access to my files or to the browser app. It is also no solution to deny the browser access to the internet or to my files (or to use 2 different apps). The only solution I see is separating the objects "Internet" and "secret.txt-file". So, when I am working in domain "secret", browsing my files is OK, but there is no chance for me (and the app) to send anything, and when I am working in domain "world", browsing the internet is OK, but there is no access to my files. How can I translate this into some rules?
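A toy model of the rule set this post is asking for, written in Python as an added example (it is not the poster's code and not a real SELinux policy). The allow lines borrow SELinux's type-enforcement syntax, `allow SOURCE TARGET:CLASS { PERMS }`, but every type name in it (`user_t`, `secret_t`, `world_t`, `user_home_t`, `world_tmp_t`, `port_t`) is an assumption invented for the demo, and the checker only evaluates this constructed text. It shows the two domains from the post, checks that no domain reachable from Peter's login domain can both read the secret file and open a network socket, and then shows how a single extra rule (a file type both domains may touch, or one tcp_socket permission) reopens a path:

```python
"""Toy type-enforcement model of the "secret" / "world" domain split.

Added example: a tiny policy checker, not SELinux and not a real policy.
The allow lines borrow SELinux TE syntax
    allow SOURCE TARGET:CLASS { PERMS }
but every type name below is a hypothetical label invented for this demo.
"""
from collections import defaultdict

# Constructed policy (assumed type names, not from any real refpolicy).
POLICY = """
# Peter's login domain may list his home and start programs in either
# domain; programs cannot hop from one domain to the other.
allow user_t user_home_t:dir { read search }
allow user_t secret_t:process transition
allow user_t world_t:process transition
# Domain "secret": read the user's files, no socket permissions at all.
allow secret_t user_home_t:dir { read search }
allow secret_t user_home_t:file { read getattr open }
# Domain "world": talk TCP, touch only its own scratch files.
allow world_t world_tmp_t:file { read write create open }
allow world_t port_t:tcp_socket { create connect name_connect }
"""

FILE_CLASSES = {"file", "dir", "lnk_file"}
NET_CLASSES = {"tcp_socket", "udp_socket", "rawip_socket", "packet_socket"}
NET_PERMS = {"connect", "name_connect", "sendto", "write"}
WRITE_PERMS = {"write", "append", "create"}


def parse_policy(text):
    """Return {(source, target, class): set(perms)} from the allow lines."""
    allow = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("allow "):
            continue
        _, source, rest = line.split(None, 2)
        target, rest = rest.split(":", 1)
        cls, perm_part = rest.strip().split(None, 1)
        allow[(source, target, cls)].update(perm_part.strip("{} ").split())
    return dict(allow)


def allowed(allow, source, target, cls, perm):
    """Direct check: does the policy grant `perm` on (target, cls) to `source`?"""
    return perm in allow.get((source, target, cls), set())


def reachable_domains(allow, start):
    """All domains a process that starts in `start` can ever run in."""
    seen, todo = set(), [start]
    while todo:
        dom = todo.pop()
        if dom in seen:
            continue
        seen.add(dom)
        for (src, tgt, cls), perms in allow.items():
            if src == dom and cls == "process" and "transition" in perms:
                todo.append(tgt)
    return seen


def can_read(allow, domain, target_type):
    return any(src == domain and tgt == target_type and cls in FILE_CLASSES
               and "read" in perms
               for (src, tgt, cls), perms in allow.items())


def can_network(allow, domain):
    return any(src == domain and cls in NET_CLASSES and perms & NET_PERMS
               for (src, _tgt, cls), perms in allow.items())


def exfil_paths(allow, start="user_t", secret_type="user_home_t"):
    """Ways data could flow from `secret_type` to the network.

    An empty list means the model has the "two computers" property: no
    reachable domain both reads the secret and talks to the network, and
    no shared object type acts as a "memory stick" between a reader and
    a talker.
    """
    domains = reachable_domains(allow, start)
    readers = {d for d in domains if can_read(allow, d, secret_type)}
    talkers = {d for d in domains if can_network(allow, d)}
    paths = {f"{d} reads {secret_type} and has network" for d in readers & talkers}
    for (src, tgt, cls), perms in allow.items():
        # The secret type itself is covered by the direct check above.
        if src in readers and cls in FILE_CLASSES and perms & WRITE_PERMS \
                and tgt != secret_type:
            for talker in talkers:
                if can_read(allow, talker, tgt):
                    paths.add(f"{src} writes {tgt}, {talker} reads it")
    return sorted(paths)


if __name__ == "__main__":
    allow = parse_policy(POLICY)
    print("secret_t reads home file:", allowed(allow, "secret_t", "user_home_t", "file", "read"))
    print("secret_t connects TCP:   ", allowed(allow, "secret_t", "port_t", "tcp_socket", "connect"))
    print("leaks in base policy:    ", exfil_paths(allow))
    # One extra rule reopens the channel: a file type both domains can
    # touch is the in-machine equivalent of the memory stick.
    leaky = parse_policy(POLICY + "allow secret_t world_tmp_t:file { write }\n")
    print("leaks with shared file:  ", exfil_paths(leaky))
```

The checker deliberately looks at two things a real policy review has to look at: the direct permissions of each domain, and every object type that a file-reading domain can write and a network-capable domain can read. In a real SELinux policy the second list is long (unix sockets, the X server, D-Bus, shared /tmp, the clipboard), and each of those classes needs the same treatment before the "two computers" property holds.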

----------

## Ant P.

Run the browser as a separate user. Or use firejail. Or read the source code of chromium's seccomp+ns sandboxing and decide whether that covers your threat model.

----------

## pietinger

 *Ant P. wrote:*   

> Run the browser as a separate user. Or use firejail. Or read the source code of chromium's seccomp+ns sandboxing and decide whether that covers your threat model.

 

Thank you for your answer. You are right, if it were only a browser. (I'm using a firewall with strict rules for OUTgoing traffic: HTTP is only allowed for "privoxy" by its user ID (-m owner --uid-owner), and apps trying to "phone home" without using the proxy I will see immediately.)

Maybe I didn't describe it correctly. I mean not only a browser; it is every app I run. If I download a brand new game and it is an evil game encrypting all my files, this would be annoying, but I have backups. But what if it is sending all my files to Google? The problem I have is that all apps/programs have the same rights as I have. Most of the time this is OK, because I know what I am doing. But what if I have an evil app? (Of course, in an ideal world I would have some hardware, a well-behaved and error-free OS and only well-behaved apps, doing only what I tell them to do. Then I wouldn't need any access control.)

In other words: I have 2 computers. One is connected to the internet, the other is completely stand-alone. If I want to send a secret file from the stand-alone computer, I have to copy it to a memory stick, then copy the file from the stick onto the internet computer and send it from there. There is absolutely no chance for the internet computer to reach any files on the stand-alone computer.

Does a solution exist to have the same security on only one computer?

----------

