On Thu, 2009-03-05 at 21:01 +0100, Jan Kasprzak wrote:
> Hello,
>
> I am probably overlooking something, but it seems that SELinux prevents
> the environment variables from being inherited by the new program over exec():
>
> I have a daemon (running in its own domain mydaemon_t) which tries
> to fork() and then exec() a program which has domain_auto_trans()
> to a new domain myprogram_t. Now I want to pass a TMPDIR environment
> variable from the daemon to the program. It does not work - I get
> AVCs about myprogram_t trying to read the tmp_t directory (which means
> it still tries to use /tmp, not whatever is written in TMPDIR).
>
> I have created my own directory /var/myprogram/tmp which I also
> put into the TMPDIR variable. When I add "sleep(100)" to the daemon
> just before the exec() of myprogram, I can see the TMPDIR variable correctly
> set in /proc/<pid>/environ.
>
> When I do "setenforce 0", running the program from the daemon
> causes the /var/myprogram/tmp mtime to be updated and no AVCs are logged,
> so the program gets the TMPDIR variable correctly set up.
>
> Does SELinux prevent the environment variables from being inherited
> over exec()? If so, how can I enable it?

On a domain transition, by default, SELinux will set the AT_SECURE auxv flag and glibc will then sanitize the environment in the same manner as for setuid/setgid program execution. You can disable that behavior on a selective basis by allowing the "noatsecure" permission between the old and new domains. You would add the following allow rule to your policy:

allow mydaemon_t myprogram_t:process noatsecure;

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
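To confirm from the exec()'d side that the AT_SECURE mechanism described in the reply is what strips TMPDIR, here is an added example (my own probe, not code from either poster): a small C program meant to be exec()'d by the daemon in place of myprogram. It reads AT_SECURE from the auxiliary vector and reports which environment variables survived. The table of names is a hand-copied subset of glibc's unsecvars.h (the list glibc unsets when AT_SECURE is non-zero; TMPDIR is on it, which is why that variable in particular disappears). It assumes glibc 2.16 or newer for getauxval().

```c
/* atsecure_probe.c: exec this in place of "myprogram" to see whether glibc
 * ran in secure mode (AT_SECURE set by the SELinux domain transition) and
 * whether TMPDIR survived exec(). Added example, not from the original post.
 *
 * Build:  gcc -O2 -o atsecure_probe atsecure_probe.c
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE; glibc >= 2.16 */

/* Subset of glibc's sysdeps/generic/unsecvars.h: names glibc's dynamic
 * loader unsets before main() when AT_SECURE != 0. Copied by hand for this
 * example; consult your glibc version for the full list. */
static const char *const glibc_unsecure_vars[] = {
    "GCONV_PATH", "LD_AUDIT", "LD_LIBRARY_PATH", "LD_PRELOAD", "LD_PROFILE",
    "LOCPATH", "MALLOC_TRACE", "NLSPATH", "RES_OPTIONS", "TMPDIR", "TZDIR",
    NULL
};

/* Returns 1 if `name` (either "NAME" or "NAME=value") is one of the
 * variables glibc drops in secure mode, 0 otherwise. */
int is_glibc_unsecure_var(const char *name)
{
    const char *eq = strchr(name, '=');
    size_t len = eq ? (size_t)(eq - name) : strlen(name);

    for (const char *const *p = glibc_unsecure_vars; *p; ++p) {
        if (strlen(*p) == len && memcmp(*p, name, len) == 0)
            return 1;
    }
    return 0;
}

/* AT_SECURE as the kernel passed it to this process: non-zero after a
 * setuid/setgid exec or, on SELinux, after a domain transition that was
 * not granted process:noatsecure. 0 means the environment was inherited. */
long at_secure_flag(void)
{
    return (long)getauxval(AT_SECURE);
}

/* 1 if the variable is still present in this process's environment. */
int env_present(const char *name)
{
    return getenv(name) != NULL;
}

int main(void)
{
    long secure = at_secure_flag();

    printf("AT_SECURE=%ld (%s)\n", secure,
           secure ? "glibc sanitized the environment"
                  : "environment inherited as-is");

    /* Show the fate of every variable on the unsecure list; with
     * AT_SECURE=1 and no noatsecure rule, TMPDIR prints as (unset). */
    for (const char *const *p = glibc_unsecure_vars; *p; ++p) {
        const char *val = getenv(*p);
        printf("  %-16s %s\n", *p, val ? val : "(unset)");
    }
    return 0;
}
```

Have mydaemon_t fork() and exec() this binary (labelled so that the same domain_auto_trans() into myprogram_t fires) and read its stdout or redirect it to a file the new domain may write. Before the policy change it should print AT_SECURE=1 and TMPDIR as (unset); after loading a module containing the allow rule from the reply it should print AT_SECURE=0 and the path you exported. Whether the rule is actually in the loaded policy can be checked with setools: sesearch -A -s mydaemon_t -t myprogram_t -c process -p noatsecure. Two caveats: /proc/<pid>/environ of the child is not a valid check, because it shows the block handed to exec(), while glibc's sanitizing only rewrites the environ pointer array the program sees; and the setenforce 0 result in the question is expected, since in permissive mode the noatsecure check is not denied and the kernel therefore does not set AT_SECURE at all.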