2008-09-01 09:06:02

by vaclav.ovsik

Subject: [refpolicy] MUA & append to user tmp files

Hi,
- Debian with selinux-policy-default (2:0.0.20080702-6),
MTA Postfix, MUA Mutt.
Sending mail with Mutt in interactive mode (not from the command line)
leads to:

[ 2289.420629] type=1400 audit(1220029858.762:3): avc: denied { append } for pid=4169 comm="postdrop" path="/tmp/mutt-sid-1000-3825-3" dev=hda2 ino=65705 scontext=unconfined_u:unconfined_r:postfix_postdrop_t:s0 tcontext=unconfined_u:object_r:unconfined_tmp_t:s0 tclass=file

This is caused by Mutt running the sendmail interface (/usr/sbin/sendmail)
with its stderr and stdout redirected into a tmp file.
The Postfix sendmail interface runs postdrop.

The attached patch solves this, but maybe the change could be even more
permissive, so that other sendmail invocations with a redirection that one
can imagine will work (userdom_rw_user_tmp_files ?).

Regards
--
Zito
-------------- next part --------------
Index: policy/modules/services/mta.if
===================================================================
--- policy/modules/services/mta.if (revision 2792)
+++ policy/modules/services/mta.if (working copy)
@@ -214,6 +214,7 @@
# cjp: this should probably be read all user tmp
# files in an appropriate place for mta_user_agent
userdom_read_user_tmp_files($1, mta_user_agent)
+ userdom_append_user_tmp_files($1, mta_user_agent)

tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files($1_mail_t)
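
Review bot: the added userdom_append_user_tmp_files($1, mta_user_agent) call grants append to every domain carrying the mta_user_agent attribute, while the denial quoted in the report is for postfix_postdrop_t only. If the attribute-wide grant is intended, say so in the comment above the call, since the existing "cjp:" note speaks only of read; otherwise scope the grant to the postdrop domain. Append is sufficient for the redirected stdout/stderr case shown, and read is already granted by the userdom_read_user_tmp_files line above, so there is no need to widen this to a read/write interface.
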
Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if (revision 2792)
+++ policy/modules/system/userdomain.if (working copy)
@@ -2772,6 +2772,39 @@

########################################
## <summary>
+## Append users temporary files.
+## </summary>
+## <desc>
+## <p>
+## Append users temporary files.
+## </p>
+## <p>
+## This is a templated interface, and should only
+## be called from a per-userdomain template.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+template(`userdom_append_user_tmp_files',`
+ gen_require(`
+ type $1_tmp_t;
+ ')
+
+ allow $2 $1_tmp_t:file append;
+')
+
+########################################
+## <summary>
## Do not audit attempts to append users
## temporary files.
## </summary>
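
Review bot: the <desc> paragraph of the new userdom_append_user_tmp_files block repeats the summary word for word ("Append users temporary files.") and does not say when the interface should be used. The only rule is "allow $2 $1_tmp_t:file append;", with no getattr and no access to the containing directory, so the description should state that it is meant for descriptors inherited from the user domain (for example a redirected stdout or stderr) rather than for opening user tmp files by path.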