From: vaclav.ovsik@i.cz (=?iso-8859-2?Q?V=E1clav_Ovs=EDk?=)
Date: Mon, 1 Sep 2008 11:06:02 +0200
Subject: [refpolicy] MUA & append to user tmp files
Message-ID: <20080901090602.GA10089@bobek.pm.i.cz>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,
- Debian with selinux-policy-default (2:0.0.20080702-6),
  MTA Postfix, MUA Mutt.
Sending mail with mutt in the interactive mode (not command line)
leads to:

[ 2289.420629] type=1400 audit(1220029858.762:3): avc:  denied  { append } for  pid=4169 comm="postdrop" path="/tmp/mutt-sid-1000-3825-3" dev=hda2 ino=65705 scontext=unconfined_u:unconfined_r:postfix_postdrop_t:s0 tcontext=unconfined_u:object_r:unconfined_tmp_t:s0 tclass=file

This is caused by running sendmail interface (/usr/sbin/sendmail) by
Mutt with its stderr,stdout redirected into tmp file.
Postfix sendmail interface runs postdrop.

The attached patch solves this, but maybe change could be even more
permissive so other sendmail callings with a redirection that one can
imagine will work (userdom_rw_user_tmp_files ?).

Regards
-- 
Zito
-------------- next part --------------
Index: policy/modules/services/mta.if
===================================================================
--- policy/modules/services/mta.if	(revision 2792)
+++ policy/modules/services/mta.if	(working copy)
@@ -214,6 +214,7 @@
 	# cjp: this should probably be read all user tmp
 	# files in an appropriate place for mta_user_agent
 	userdom_read_user_tmp_files($1, mta_user_agent)
+ 	userdom_append_user_tmp_files($1, mta_user_agent)
 
 	tunable_policy(`use_samba_home_dirs',`
 		fs_manage_cifs_files($1_mail_t)
Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if	(revision 2792)
+++ policy/modules/system/userdomain.if	(working copy)
@@ -2772,6 +2772,39 @@
 
 ########################################
 ## <summary>
+##	Append users temporary files.
+## </summary>
+## <desc>
+##	<p>
+##	Append users temporary files.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+template(`userdom_append_user_tmp_files',`
+	gen_require(`
+		type $1_tmp_t;
+	')
+
+	allow $2 $1_tmp_t:file append;
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts to append users
 ##	temporary files.
 ## </summary>