| Field | Value | Date |
|---|---|---|
| author | Stefano Brivio <sbrivio@redhat.com> | 2024-11-14 23:48:54 +0100 |
| committer | Stefano Brivio <sbrivio@redhat.com> | 2024-11-19 21:10:14 +0100 |
| commit | 5e2446667729d01ef8208d0e7e866cee09c8a3fb (patch) | |
| tree | af85fd9449af853e185764656816604e906fe9f9 /tcp_vu.c | |
| parent | 6e1e44293ef991d8c946dd59fbbd65c54901b255 (diff) | |
selinux: Use auth_read_passwd() interface for all our getpwnam() needs
If passt or pasta are started as root, we need to read the passwd file
(be it /etc/passwd or whatever sssd provides) to find out UID and GID
of 'nobody' so that we can switch to it.
Instead of a bunch of allow rules for passwd_file_t and sssd macros,
use the more convenient auth_read_passwd() interface which should
cover our usage of getpwnam().
The existing rules weren't actually enough:
```
# strace -e openat passt -f
[...]
Started as root, will change to nobody.
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/lib64/libnss_sss.so.2", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
```
with corresponding SELinux warnings logged in audit.log.
Reported-by: Minxi Hou <mhou@redhat.com>
Analysed-by: Miloš Malik <mmalik@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tcp_vu.c')
0 files changed, 0 insertions, 0 deletions
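The shape of the policy change the commit message describes, as an added illustration rather than passt's own policy module: per-type allow rules for the passwd file and sssd on one side, the single `auth_read_passwd()` interface call on the other. The domain name `passt_t`, the module name, and the sssd macro name are assumptions made for this example; `auth_read_passwd()` and `passwd_file_t` are the names the commit message itself uses.

```selinux
# Added example, not the passt project's policy. Domain name passt_t,
# module name and the sssd macro below are assumptions for illustration.
policy_module(passt_example, 0.1)

type passt_t;

# Before: hand-written rules for each backend getpwnam() might touch.
# They let the process read /etc/passwd, but the strace in the commit
# shows the sssd memory cache (/var/lib/sss/mc/passwd) still returning
# EACCES, with a matching AVC denial in audit.log, before glibc falls
# back to /etc/passwd. Every extra nsswitch backend needs its own rule.
#
#   gen_require(`
#       type passwd_file_t;
#   ')
#   allow passt_t passwd_file_t:file read_file_perms;
#   optional_policy(`
#       sssd_stream_connect(passt_t)      # assumed macro name
#   ')

# After: one interface that is meant to cover a passwd lookup through
# nsswitch (the commit: it "should cover our usage of getpwnam()"), so
# the UID/GID lookup for 'nobody' done while still root succeeds without
# enumerating files and caches by hand.
auth_read_passwd(passt_t)
```

To confirm the rules are sufficient after the change, rerun the same `strace -e openat` command from the commit message and check that no `openat` on a passwd source returns `EACCES`; the corresponding AVC records, if any remain, can be listed with `ausearch -m avc -c passt` (a standard audit tool invocation, not something the commit itself mentions).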