From: vaclav.ovsik@i.cz (Václav Ovsík)
Date: Mon, 1 Sep 2008 11:06:02 +0200
Subject: [refpolicy] MUA & append to user tmp files
Message-ID: <20080901090602.GA10089@bobek.pm.i.cz>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

- Debian with selinux-policy-default (2:0.0.20080702-6), MTA Postfix, MUA Mutt.

Sending mail with mutt in the interactive mode (not command line) leads to:

[ 2289.420629] type=1400 audit(1220029858.762:3): avc: denied { append } for pid=4169 comm="postdrop" path="/tmp/mutt-sid-1000-3825-3" dev=hda2 ino=65705 scontext=unconfined_u:unconfined_r:postfix_postdrop_t:s0 tcontext=unconfined_u:object_r:unconfined_tmp_t:s0 tclass=file

This is caused by Mutt running the sendmail interface (/usr/sbin/sendmail) with its stderr and stdout redirected into a tmp file. The Postfix sendmail interface runs postdrop.

The attached patch solves this, but maybe the change could be even more permissive so that other sendmail invocations with a redirection that one can imagine will work (userdom_rw_user_tmp_files ?).

Regards
--
Zito
-------------- next part --------------
Index: policy/modules/services/mta.if =================================================================== --- policy/modules/services/mta.if (revision 2792) +++ policy/modules/services/mta.if (working copy) @@ -214,6 +214,7 @@ # cjp: this should probably be read all user tmp # files in an appropriate place for mta_user_agent userdom_read_user_tmp_files($1, mta_user_agent) + userdom_append_user_tmp_files($1, mta_user_agent) tunable_policy(`use_samba_home_dirs',` fs_manage_cifs_files($1_mail_t) Index: policy/modules/system/userdomain.if =================================================================== --- policy/modules/system/userdomain.if (revision 2792) +++ policy/modules/system/userdomain.if (working copy) @@ -2772,6 +2772,39 @@ ######################################## ## +## Append users temporary files. +## +## +##

+## Append users temporary files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## +## +## Domain allowed access. +## +## +# +template(`userdom_append_user_tmp_files',` + gen_require(` + type $1_tmp_t; + ') + + allow $2 $1_tmp_t:file append; +') + +######################################## +## ## Do not audit attempts to append users ## temporary files. ##
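Review bot: in the mta.if hunk, the added `userdom_append_user_tmp_files($1, mta_user_agent)` sits under a `# cjp:` comment that only describes the read call above it, so that comment should be updated to cover append as well (or both calls moved to the "appropriate place" it refers to) rather than left describing fewer lines than it now heads. Append-only is the right scope for the reported AVC: the denial is `{ append }` by `postdrop` on a file it inherited as stdout/stderr from Mutt, and nothing in the report shows a need for the wider `userdom_rw_user_tmp_files` the mail floats, so keep the narrower interface. Since this call grants the permission to the `mta_user_agent` attribute while the denied domain is `postfix_postdrop_t`, also confirm that the postfix module gives postdrop that attribute; otherwise this hunk alone will not clear the denial.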
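Review bot: in the userdomain.if hunk, `allow $2 $1_tmp_t:file append;` grants the bare `append` permission, whereas the surrounding userdom tmp interfaces use refpolicy permission sets; `allow $2 $1_tmp_t:file append_file_perms;` is the conventional form and also covers the `getattr`/`lock`/`ioctl` an appending writer commonly needs on the same descriptor, which would otherwise show up as a follow-on AVC once this one is fixed. The summary line "Append users temporary files." should read "Append to users' temporary files.", and as the new template is placed directly before the existing "Do not audit attempts to append users temporary files" block, the two descriptions should be worded consistently.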