Hello,
I am probably overlooking something, but it seems that SELinux prevents the environment variables to be inherited to the new program over exec():
I have a daemon (running in its own domain mydaemon_t) which tries to fork() and then exec() a program which has domain_auto_trans() to a new domain myprogram_t. Now I want to pass a TMPDIR environment variable from the daemon to the program. It does not work - I get AVCs about myprogram_t trying to read the tmp_t directory (which means it still tries to use /tmp, not whatever is written in TMPDIR.
I have created my own directory /var/myprogram/tmp which I also put into the TMPDIR variable. When I add "sleep(100)" to the daemon just before the exec() of myprogram, I can see the TMPDIR variable correctly set in /proc/<pid>/environ.
When I do "setenforce 0", running the program from the daemon causes the /var/myprogram/tmp mtime to be updated and no AVCs are logged, so the program gets the TMPDIR variable correctly set up.
Does SELinux prevent the environment variables to be inherited over exec()? If so, how can I enable it?
Thanks,
-Yenya
On Thu, 2009-03-05 at 21:01 +0100, Jan Kasprzak wrote:
Hello,
I am probably overlooking something, but it seems that SELinux prevents the environment variables to be inherited to the new program over exec():
I have a daemon (running in its own domain mydaemon_t) which tries to fork() and then exec() a program which has domain_auto_trans() to a new domain myprogram_t. Now I want to pass a TMPDIR environment variable from the daemon to the program. It does not work - I get AVCs about myprogram_t trying to read the tmp_t directory (which means it still tries to use /tmp, not whatever is written in TMPDIR.
I have created my own directory /var/myprogram/tmp which I also put into the TMPDIR variable. When I add "sleep(100)" to the daemon just before the exec() of myprogram, I can see the TMPDIR variable correctly set in /proc/<pid>/environ.
When I do "setenforce 0", running the program from the daemon causes the /var/myprogram/tmp mtime to be updated and no AVCs are logged, so the program gets the TMPDIR variable correctly set up.
Does SELinux prevent the environment variables to be inherited over exec()? If so, how can I enable it?
On a domain transition, by default, SELinux will set the AT_SECURE auxv flag and glibc will then sanitize the environment in the same manner as for setuid/setgid program execution. You can disable that behavior on a selective basis by allowing the "noatsecure" permission between the old and new domains. You would add the following allow rule to your policy:
allow mydaemon_t myprogram_t:process noatsecure;
Stephen Smalley wrote: : > Does SELinux prevent the environment variables to be inherited : > over exec()? If so, how can I enable it? : : On a domain transition, by default, SELinux will set the AT_SECURE auxv : flag and glibc will then sanitize the environment in the same manner as : for setuid/setgid program execution. You can disable that behavior on a : selective basis by allowing the "noatsecure" permission between the old : and new domains. You would add the following allow rule to your policy: : : allow mydaemon_t myprogram_t:process noatsecure;
Thanks for the explanation. I have already tested that the above rule solves the problem for me (found it out using semodule -DB, as suggested by Dominick Grift).
-Yenya
selinux@lists.fedoraproject.org