Environment variables over exec()?

Stephen Smalley sds at tycho.nsa.gov
Thu Mar 5 20:06:41 UTC 2009


On Thu, 2009-03-05 at 21:01 +0100, Jan Kasprzak wrote:
> 	Hello,
> 
> I am probably overlooking something, but it seems that SELinux prevents
> the environment variables from being inherited by the new program over exec():
> 
> 	I have a daemon (running in its own domain mydaemon_t) which tries
> to fork() and then exec() a program which has domain_auto_trans()
> to a new domain myprogram_t. Now I want to pass a TMPDIR environment
> variable from the daemon to the program. It does not work - I get
> AVCs about myprogram_t trying to read the tmp_t directory (which means
> it still tries to use /tmp, not whatever is written in TMPDIR).
> 
> 	I have created my own directory /var/myprogram/tmp which I also
> put into the TMPDIR variable. When I add "sleep(100)" to the daemon
> just before the exec() of myprogram, I can see the TMPDIR variable correctly
> set in /proc/<pid>/environ.
> 
> 	When I do "setenforce 0", running the program from the daemon
> causes the /var/myprogram/tmp mtime to be updated and no AVCs are logged,
> so the program gets the TMPDIR variable correctly set up.
> 
> 	Does SELinux prevent the environment variables from being inherited
> over exec()? If so, how can I enable it?

On a domain transition, by default, SELinux will set the AT_SECURE auxv
flag and glibc will then sanitize the environment in the same manner as
for setuid/setgid program execution.  You can disable that behavior on a
selective basis by allowing the "noatsecure" permission between the old
and new domains.  You would add the following allow rule to your policy:

allow mydaemon_t myprogram_t:process noatsecure;

-- 
Stephen Smalley
National Security Agency
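
A small diagnostic for the behavior described in the reply above, added here as an example and not code from the thread: built as the target program, it reports whether the process was started with AT_SECURE set and whether TMPDIR survived the exec. The helper names (started_secure, auxv_secure, pick_tmpdir) and the /tmp fallback are assumptions; getauxval() requires glibc 2.16 or later.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE, AT_NULL */

/* Nonzero when the kernel started this process in secure-execution mode:
 * a setuid/setgid exec, or an SELinux domain transition for which the
 * policy does not grant the noatsecure permission. */
int started_secure(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* The same check over a raw auxv image (type/value pairs ending in AT_NULL,
 * the layout of /proc/<pid>/auxv), for inspecting another process. */
int auxv_secure(const unsigned long *auxv, size_t nwords)
{
    for (size_t i = 0; i + 1 < nwords && auxv[i] != AT_NULL; i += 2)
        if (auxv[i] == AT_SECURE)
            return auxv[i + 1] != 0;
    return 0;
}

/* Temp directory to use (hypothetical helper): honor TMPDIR only when the
 * exec was not a secure one, otherwise use a fixed fallback. */
const char *pick_tmpdir(const char *env_value, int secure, const char *fallback)
{
    if (secure || env_value == NULL)
        return fallback;
    return env_value;
}

int main(void)
{
    int secure = started_secure();
    /* In secure mode glibc may already have dropped the variable. */
    const char *tmpdir = getenv("TMPDIR");

    printf("AT_SECURE=%d\n", secure);
    printf("TMPDIR=%s\n", tmpdir ? tmpdir : "(unset)");
    printf("temp dir in use: %s\n", pick_tmpdir(tmpdir, secure, "/tmp"));
    return 0;
}
```

Started from the daemon before and after the noatsecure rule is loaded, the AT_SECURE line shows which case the exec fell into.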



