[Dovecot] dovecot's deliver and SELinux
Hello,
I am the new maintainer of dovecot for Fedora and Red Hat and so I am trying to cleanup some old reported bugs. One of them is a problem when "deliver" writes of temporary files into /tmp are blocked by SELinux policy (https://bugzilla.redhat.com/show_bug.cgi?id=424091). From the SELinux's point of view it is bad when system services try to write into /tmp (for detail see http://danwalsh.livejournal.com/11467.html). The solution looks simple - just to switch from /tmp to PKG_RUNDIR (line 472 in deliver.c for dovecot 1.0) for writing the temp files. But this raises two questions - will it really work and when yes, is it acceptable for the author?
Thanks,
Dan-- Fedora and Red Hat package maintainer
On Thu, 2008-05-29 at 16:48 +0200, Dan Horák wrote:
Hello,
I am the new maintainer of dovecot for Fedora and Red Hat and so I am trying to cleanup some old reported bugs. One of them is a problem when "deliver" writes of temporary files into /tmp are blocked by SELinux policy (https://bugzilla.redhat.com/show_bug.cgi?id=424091). From the SELinux's point of view it is bad when system services try to write into /tmp (for detail see http://danwalsh.livejournal.com/11467.html). The solution looks simple - just to switch from /tmp to PKG_RUNDIR (line 472 in deliver.c for dovecot 1.0) for writing the temp files. But this raises two questions - will it really work and when yes, is it acceptable for the author?
I don't much like it writing to /tmp either, but PKG_RUNDIR won't work either because it doesn't have write permissions there. Especially because some people run deliver under multiple different UIDs. So it would have to be some world-writable directory. Although one could be created under PKG_RUNDIR (or actually base_dir setting would be better than hardcoded PKG_RUNDIR).
It would be nice if this writing could be avoided completely. And in some (most) situations it would be possible (although code changes aren't that simple), but there's the problem of what to do when a 100 MB message comes and a Sieve script requests something that requires parsing the message body. The message body must be read through multiple times then and the only solution is to save the message somewhere temporarily.
I guess yet another possibility would be to initiate a saving to INBOX. If the destination is INBOX, the only thing to do is to commit the transaction. If the destination is elsewhere, with luck the written temp file could be link()ed to destination (would again require non-trivial code changes).
On Thu, 2008-05-29 at 16:48 +0200, Dan Horák wrote:
Hello,
I am the new maintainer of dovecot for Fedora and Red Hat and so I am trying to cleanup some old reported bugs. [..]
Mmm.. I was wondering if it's worth to have a look at the various dovecot patches used by main distributions before releasing dovecot-1.1.
I mean, having a look if there is something besides the changes of default configuration options or installation path that can be merged upstream.
Regards, Diego
Diego Liziero píše v Čt 29. 05. 2008 v 19:49 +0200:
On Thu, 2008-05-29 at 16:48 +0200, Dan Horák wrote:
Hello,
I am the new maintainer of dovecot for Fedora and Red Hat and so I am trying to cleanup some old reported bugs. [..]
Mmm.. I was wondering if it's worth to have a look at the various dovecot patches used by main distributions before releasing dovecot-1.1.
I mean, having a look if there is something besides the changes of default configuration options or installation path that can be merged upstream.
The current state of the package can be seen at http://cvs.fedoraproject.org/viewcvs/rpms/dovecot/devel/ There should be pointers for the reason of patch in the spec file. I have already done an (internal) update of the package do 1.1rc5 that obsoletes some of the patches. I can do a "patch review" during tomorrow and post the results here.
Dan-- Fedora and Red Hat package maintainer
participants (3)
-
Dan Horák
-
Diego Liziero
-
Timo Sirainen