Summary: | mail-mta/postfix-2.8.9 with sec-policy/selinux-postfix-2.20120215-r15 doesn't allow sysadm_r to run 'postqueue' command | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Vincent Brillault <gentoo> |
Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
Status: | VERIFIED FIXED | ||
Severity: | minor | CC: | alunduil, selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | sec-policy r7 | ||
Package list: | Runtime testing required: | --- |
Description
Vincent Brillault
2012-07-30 17:39:23 UTC
Will be in rev2 r2 is now in hardened-dev overlay Great ! I've just test the 'postqueue' command and it seems to work (I've tested the basic commands of postqueue, with no errors so far). There is still one little problem: Postqueue have a failback mechanism if it is run when postfix is down. It directly access the files to obtain information on the messages. It's a less important feature so I don't know if we really want to support it. Examples: *Postfix up: #postqueue -p -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- ..... -- 2 Kbytes in 1 Request. *Postfix down, enforce: #postqueue -p postqueue: warning: Mail system is down -- accessing queue directly postqueue: fatal: execv /usr/libexec/postfix/showq: Permission denied *postfix down, permissive: postqueue -p postqueue: warning: Mail system is down -- accessing queue directly -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- ... -- 2 Kbytes in 1 Request. I can reproduce it with more information (avcs) if you need. I haven't done a thorough investigation of all features, just ran "postqueue -p" to see if I can reproduce (which was indeed the case) and then added in a "can_exec(sysadm_t, postfix_showq_exec_t)" and I didn't get an error anymore. However, I don't have much postfix experience - is this fallback only to view the queue, or should other operations also work? Ok, can_exec added to repo and will be in r7 r7 is now in hardened-dev Sorry for the late answer. I'm not an expert on postfix but I think that in offline mode, you can theoretically call postqueue or postsuper on non-SELinux system. Nevertheless, for me, listing with postqueue is enough (Last time I tried to use postsuper without postfix running (without SELinux), it didn't work well). In sysadm.te (in r7) there are only the following rules: optional_policy(` postfix_exec_master(sysadm_t) postfix_exec_postqueue(sysadm_t) postfix_stream_connect_master(sysadm_t) ') Shouldn't the can_exec(sysadm_t, postfix_showq_exec_t) be added here (or those rules replaced by postfix_admin(sysadm_t,sysadm_r)) ? I added it in the postfix_admin() interface, as it seems logical that only those domains with postfix_admin() rights should be able to do this. In main tree, ~arch'ed r8 is now stable |