[DSE-Dev] Bug#739150: selinux-policy-default: Nonfunctional courier_exec_t domain breaks courier-pop

Devin Carraway devin at debian.org
Sun Feb 16 09:17:20 UTC 2014

Package: selinux-policy-default
Version: 2:2.20140206-1
Severity: normal

The courier suite uses a series of daemons that start one another at various
stages in startup and authentication (e.g. a logger starts a tcpd which starts
an authentication wrapper which starts an actual imapd).  The same chaining is
used in shutdown - the outermost daemon is called with -stop and then they all
send kill signals downward.  The policy module for courier defines a discrete
domain for most of the components, but courierlogger is labelled simply with
courier_exec_t.  There is no courier_t, and this isn't a normal
entrypoint/domtrans type -- so init never actually transitions into it, and
courierlogger ends up running as initrc_t.  It then starts up couriertcpd
normally, because it's still in init's domain and (unlike courier_exec_t) has
the transition rules to make that happen.

However, that has two problems: first, courierlogger is still running with
elevated privileges, and in courier-pop's case, the daemon can't be shut
down because to do so it calls couriertcpd, not courierlogger.  couriertcpd
runs in courier_tcpd_t and has no access to signal a proc in initrc_t, so
it hangs forever on halt.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-9
ii  libselinux1      2.2.2-1
ii  libsepol1        2.2-1
ii  policycoreutils  2.2.5-1
ii  python           2.7.5-5
ii  selinux-utils    2.2.2-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.2-1
ii  setools      3.3.8-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- debconf-show failed

More information about the SELinux-devel mailing list