postfix policy question

All of lore.kernel.org
 help / color / mirror / Atom feed

* postfix policy question
@ 2004-10-07  9:24 petre rodan
  2004-10-11  5:41 ` Russell Coker
  0 siblings, 1 reply; 2+ messages in thread
From: petre rodan @ 2004-10-07  9:24 UTC (permalink / raw)
  To: selinux

[-- Attachment #1: Type: text/plain, Size: 1107 bytes --]


Hi!

from postconf(1):
The  postconf command prints the actual value of parameter (all known parameters by
default) one parameter per line, changes its value,  or  prints  other  information
about the Postfix mail system.

so sysadm_t should be able to exec this binary, regardless of the 'direct_sysadm_daemon' status

postconf is currently labeled postfix_master_exec_t, so would it be ok to add the following to the policy?:

  ifdef(`direct_sysadm_daemon', `
  domain_auto_trans(sysadm_t, postfix_master_exec_t, postfix_master_t)
  allow sysadm_t postfix_master_t:process { noatsecure siginh rlimitinh };
  role_transition sysadm_r postfix_master_exec_t system_r;
  domain_auto_trans(sysadm_mail_t, postfix_master_exec_t, system_mail_t)
  allow system_mail_t sysadm_t:process sigchld;
  allow system_mail_t privfd:fd use;
  ' ,`
+allow sysadm_t postfix_master_exec_t:file { execute execute_no_trans getattr read };
  ')dnl end direct_sysadm_daemon

I'm not at all sure about this one, please don't shoot the messenger.

bye,
peter

-- 
petre rodan
<kaiowas@gentoo.org>
Developer,
Hardened Gentoo Linux

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: postfix policy question
  2004-10-07  9:24 postfix policy question petre rodan
@ 2004-10-11  5:41 ` Russell Coker
  0 siblings, 0 replies; 2+ messages in thread
From: Russell Coker @ 2004-10-11  5:41 UTC (permalink / raw)
  To: petre rodan; +Cc: selinux

[-- Attachment #1: Type: text/plain, Size: 1012 bytes --]

On Thu, 7 Oct 2004 19:24, petre rodan <kaiowas@gentoo.org> wrote:
> from postconf(1):
> The  postconf command prints the actual value of parameter (all known
> parameters by default) one parameter per line, changes its value,  or 
> prints  other  information about the Postfix mail system.
>
> so sysadm_t should be able to exec this binary, regardless of the
> 'direct_sysadm_daemon' status

The attached patch makes the postconf program be labelled at sbin_t which 
allows sysadm_t to execute it without issue.  Also I allowed postfix_master_t 
to execute sbin_t as part of this change as postconf is run on postfix start.

As an unrelated change I allowed postfix_master_t to create a 
new /etc/postfix/aliases.db file on Red Hat for system-switch-mail.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: postfix.diff --]
[-- Type: text/x-diff, Size: 1612 bytes --]

--- /usr/src/se/policy/domains/program/unused/postfix.te	2004-10-02 03:36:11.000000000 +1000
+++ domains/program/unused/postfix.te	2004-10-11 15:36:41.000000000 +1000
@@ -94,7 +94,7 @@
 dontaudit postfix_master_t selinux_config_t:dir search;
 can_exec({ sysadm_mail_t system_mail_t }, postfix_master_exec_t)
 ifdef(`distro_redhat', `
-file_type_auto_trans({ sysadm_mail_t system_mail_t }, postfix_etc_t, etc_aliases_t)
+file_type_auto_trans({ sysadm_mail_t system_mail_t postfix_master_t }, postfix_etc_t, etc_aliases_t)
 ', `
 file_type_auto_trans({ sysadm_mail_t system_mail_t }, etc_t, etc_aliases_t)
 ')
@@ -103,7 +103,7 @@
 ifdef(`pppd.te', `
 domain_auto_trans(pppd_t, postfix_master_exec_t, postfix_master_t)
 ')
-can_exec(postfix_master_t, ls_exec_t)
+can_exec(postfix_master_t, { ls_exec_t sbin_t })
 allow postfix_master_t sysctl_kernel_t:dir r_dir_perms;
 allow postfix_master_t sysctl_kernel_t:file r_file_perms;
 allow postfix_master_t self:fifo_file rw_file_perms;
--- /usr/src/se/policy/file_contexts/program/postfix.fc	2004-09-23 22:31:22.000000000 +1000
+++ file_contexts/program/postfix.fc	2004-10-11 15:35:56.000000000 +1000
@@ -18,7 +18,6 @@
 /usr/lib(exec)?/postfix/pipe	--	system_u:object_r:postfix_pipe_exec_t
 /usr/sbin/postalias	--	system_u:object_r:postfix_master_exec_t
 /usr/sbin/postcat	--	system_u:object_r:postfix_master_exec_t
-/usr/sbin/postconf	--	system_u:object_r:postfix_master_exec_t
 /usr/sbin/postdrop	--	system_u:object_r:postfix_postdrop_exec_t
 /usr/sbin/postfix	--	system_u:object_r:postfix_master_exec_t
 /usr/sbin/postkick	--	system_u:object_r:postfix_master_exec_t

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2004-10-11  5:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-10-07  9:24 postfix policy question petre rodan
2004-10-11  5:41 ` Russell Coker

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.