Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing List
subject: using procmail under SE-Linux Date: Thu, 18 Nov 2004 19:38:11 -0600
Thanx! [1] /research/selinux/list-archive/0307/4748.shtml
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Colin Walters <walters_at_verbum.org> subject: Re: using procmail under SE-Linux Date: Thu, 18 Nov 2004 23:06:54 -0500
I don't have the source handy anymore, but it was a really simple, quick hack. Basically, it just read a file in /etc (something like /etc/selinux/contexts/mail), and searched for a mapping from the home directory context to a target context, for example: system_u:object_r:user_home_t system_u:object_r:user_procmail_t It then set its exec security context via setexeccon, and exec'd the regular procmail. However, I've learned a lot about SELinux since then, and I think a better approach would be to use security_compute_relabel. Then the policy itself can specify the type to use, via type_transition. For example: type_transition postfix_local_t user_home_dir_t:dir user_procmail_t. So procmail would compute the domain to use like this, in pseudocode: newcon = security_compute_relabel (getcon (), getfilecon (getpwent (getuid ())->pw_dir))setexeccon(newcon) To do this right, you create a postfix_user_domain($1) macro, call it from base_user_macros.te (and probably ifdef(`procmail.te')). I think this is arguably cleaner than having another config file in /etc.
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Valdis.Kletnieks_at_vt.edu subject: Re: using procmail under SE-Linux Date: Fri, 19 Nov 2004 13:38:11 -0500
> type_transition postfix_local_t user_home_dir_t:dir user_procmail_t. This would apply only to things that procmail exec'ed, and not to any file access/etc done by procmail itself, correct? (i.e. this would fix a call to mh's "rcvstore", but not a misuse of 'LOG=' in the procmailrc)...
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Colin Walters <walters_at_verbum.org> subject: Re: using procmail under SE-Linux Date: Fri, 19 Nov 2004 13:49:36 -0500
I meant for this to go into a procmail wrapper program. Move the existing procmail to /usr/bin/procmail.real, and just put the above code in /usr/bin/procmail, then have it exec /usr/bin/procmail.real after doing the setexeccon. Sorry about being unclear.
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_epoch.ncsc.mil> subject: Re: using procmail under SE-Linux Date: Fri, 19 Nov 2004 13:43:45 -0500
Nit: That would be security_compute_create(), which internally consults type_transition rules. security_compute_relabel() is for relabeling and consults type_change rules. However, I think you would actually just use get_default_context(), and define appropriate entries in default_contexts for procmail. -- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Valdis.Kletnieks_at_vt.edu subject: Re: using procmail under SE-Linux Date: Fri, 19 Nov 2004 16:23:02 -0500
> Nit: That would be security_compute_create(), which internally consults That would probably work for a "first cut", but.... The "wrapper" plan won't work if your site uses procmail in LMTP mode - as there it could be handed multiple recipients that end up needing to run in different contexts. At that point, the wrapper would need to be smart enough to fork/exec() the "real" procmail once for each recipient, and do LMTP to the MTA (which would require some major code refactoring, I suspect). There's also uglyness with the procmail DROPPRIVS stuff. (Mind you, the wrapper *will* work for the generic "invoke procmail as a delivery aject from sendmail, and only run the user's .procmailrc as the user, and don't use any of the advanced features" configuration - but there *are* things that are going to require some major work/rewriting to do well under selinux.)
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Colin Walters <walters_at_verbum.org> subject: Re: using procmail under SE-Linux Date: Fri, 19 Nov 2004 16:35:54 -0500
> (Mind you, the wrapper *will* work for the generic "invoke procmail as a Ah. I've only ever used the simple configuration then, I guess. I'm not sure the procmail code is going to be very amenable to more extensive work though...
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Valdis.Kletnieks_at_vt.edu subject: Re: using procmail under SE-Linux Date: Fri, 19 Nov 2004 17:07:56 -0500
> Ah. I've only ever used the simple configuration then, I guess. I'm I'm quite positive the code will *not* be very amenable to modification. Personally, I'm surprised it's even amenable to compiling correctly. :)
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
|
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |