Summary: | net-misc/asterisk-1.8.15.1 with sec-policy/selinux-asterisk-2.20120725-r6: enable voicemail | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Vincent Brillault <gentoo> |
Component: | SELinux | Assignee: | SE Linux Bugs <selinux> |
Status: | VERIFIED FIXED | ||
Severity: | enhancement | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | sec-policy r8 | ||
Package list: | Runtime testing required: | --- | |
Attachments: | Inotify logs of /tmp /var/tmp/ /var/spool/asterisk/voicemail during a voice message |
Description
Vincent Brillault
2012-11-03 20:59:30 UTC
Can you elaborate on the asterisk_tmp_t type here? I guess asterisk creates a temporary file for the voicemail stuff (hence the type); is there any possibility of having a differentiation between its "regular" tmp files, and those that are to be sent by the mailer daemon? If not, you probably only need to add "mta_system_content(asterisk_tmp_t)", which is telling SELinux that the asterisk_tmp_t type is used as input files for system mailings. Created attachment 329632 [details]
Inotify logs of /tmp /var/tmp/ /var/spool/asterisk/voicemail during a voice message
After some checks, it appears that asterisk create a temp file /tmp/astmail-XXXXXX (at least) before transmiting it to sendmail. The name of the temp file is hardcoded in the asterisk sources (in app_voicemail.c) and partially random (the XXXXX part), thus, as asterisk is probably using the /tmp/ for other things, using a filetrans_pattern is imposible, isn't it ?
Yes, looks like mta_system_content(asterisk_tmp_t) is the best option here. Adding mta_system_content(asterisk_tmp_t) works :) It a shame we cannot separate it from other asterisk tmp content :'( As a result, I'm not sure if it is a good idea to add it to the default policy... Perhaps with a boolean asterisk_use_voicemail or something similar ? I'm not sure it is that bad. What other temporary files does asterisk use and that wouldn't be protected with the regular DAC (user/group ownership) stuff? Anyway, we cannot make this optional, unless we drop the attribute approach and allow it directly (so with the read_files_pattern stuff) as a "typeattribute <type> <attribute>" call isn't allowed in a tunable policy (I know, stupid right?) Added to policy r8 in hardened-dev overlay r8 is now in main tree, ~arch r8 is now stable |