Bug 1650232

Summary: postconf command alters selinux context of main.cf when run
Product: Red Hat Enterprise Linux 7 Reporter: afox <afox>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED WONTFIX QA Contact: Milos Malik <mmalik>
Severity: low Docs Contact:
Priority: low    
Version: 7.5CC: jskarvad, lvrabec, mgrepl, mmalik, plautrba, ssekidde, thozza, vmojzis, zpytela
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-28 19:07:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description afox@redhat.com 2018-11-15 16:07:11 UTC 
Description of problem:
Running the postconf command to set a value in /etc/postfix/main.cf always alters the selinux context of that file away from what it should be. For example:

---
[root@eld115:~]# ll -Z /etc/postfix/main.cf 
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@eld115:~]# postconf -e 'mydomain = testdomain.gov.uk'
[root@eld115:~]# ll -Z /etc/postfix/main.cf 
-rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
---

Using restorecon, then resets the context to what it should be:

---
[root@eld115:~]# restorecon -Fvv /etc/postfix/main.cf
restorecon reset /etc/postfix/main.cf context unconfined_u:object_r:postfix_etc_t:s0->system_u:object_r:postfix_etc_t:s0
[root@eld115:~]# ll -Z /etc/postfix/main.cf 
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
---

Checking/getting a value is fine:

---
[root@eld115:~]# ll -Z /etc/postfix/main.cf 
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@eld115:~]# postconf mydomain
mydomain = metoffice.gov.uk
[root@eld115:~]# ll -Z /etc/postfix/main.cf 
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
---

This means that systems continually flip-flop between having the context for /etc/postfix.main.cf set to one of the two values:

unconfined_u:object_r:postfix_etc_t:s0 main.cf
system_u:object_r:postfix_etc_t:s0 main.cf

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Run postconf command to set a value in main.cf

Actual results:
Running postconf results in selinux context being changed on main.cf

Expected results:
selinux context on main.cf should not change when executing postconf
Comment 3 Jaroslav Škarvada 2019-01-28 15:29:37 UTC 
Sorry for delay, I think the best way is to fix it in the SELinux policy instead of adding downstream "hacks" into postconf, the strace output of the postconf:
...
rename("/etc/postfix/main.cf.tmp", "/etc/postfix/main.cf") = 0
...

Reassigning to selinux-policy.
Comment 5 Zdenek Pytela 2019-02-28 19:07:19 UTC 
This issue was not selected to be included in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small number of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available.

We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise, we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.
Comment 6 Milos Malik 2019-05-03 14:43:06 UTC 
It seems that every time the "postconf ..." is executed, the inode changes. I believe that the postconf utility creates a new file every time.

[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
145296 -rw-r--r--. 1 root root 27176 May  9  2018 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# postconf -e 'mydomain = testdomain.gov.uk'
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
169024 -rw-r--r--. 1 root root 27205 May  3 10:28 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# restorecon -vF /etc/postfix/main.cf
restorecon reset /etc/postfix/main.cf context unconfined_u:object_r:postfix_etc_t:s0->system_u:object_r:postfix_etc_t:s0
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
169024 -rw-r--r--. 1 root root 27205 May  3 10:28 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# postconf -e 'mydomain = other-domain.gov.uk'
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
145296 -rw-r--r--. 1 root root 27207 May  3 10:30 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# restorecon -vF /etc/postfix/main.cf
restorecon reset /etc/postfix/main.cf context unconfined_u:object_r:postfix_etc_t:s0->system_u:object_r:postfix_etc_t:s0
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
145296 -rw-r--r--. 1 root root 27207 May  3 10:30 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# postconf -e 'mydomain = yet-another.gov.uk'
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
169024 -rw-r--r--. 1 root root 27206 May  3 10:34 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]#
Comment 7 Milos Malik 2019-05-03 14:55:57 UTC 
strace output also confirms that setting a value via postconf utility leads to a newly created file (inode changed):

[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
169024 -rw-r--r--. 1 root root 27206 May  3 10:34 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# strace -f -o output.txt postconf -e 'mydomain = traced.gov.uk'
[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
145296 -rw-r--r--. 1 root root 27201 May  3 10:47 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# grep main.cf output.txt 
10314 open("/etc/postfix/main.cf.tmp", O_WRONLY|O_CREAT, 0600) = 3
10314 stat("/etc/postfix/main.cf.tmp", {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
10314 open("/etc/postfix/main.cf", O_RDONLY) = 4
10314 rename("/etc/postfix/main.cf.tmp", "/etc/postfix/main.cf") = 0
[root@ci-vm-10-0-136-48 ~]# 

Getting a value does not create a new file, therefore the inode + SELinux context remain the same:

[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
145296 -rw-r--r--. 1 root root 27201 May  3 10:47 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# postconf mydomain
mydomain = traced.gov.uk
[root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
145296 -rw-r--r--. 1 root root 27201 May  3 10:47 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-48 ~]#
Comment 8 Jaroslav Škarvada 2019-05-03 14:57:05 UTC 
(In reply to Milos Malik from comment #6)
> It seems that every time the "postconf ..." is executed, the inode changes.
> I believe that the postconf utility creates a new file every time.
> 
> [root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
> -rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
> 145296 -rw-r--r--. 1 root root 27176 May  9  2018 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# postconf -e 'mydomain = testdomain.gov.uk'
> [root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
> -rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0
> /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
> 169024 -rw-r--r--. 1 root root 27205 May  3 10:28 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# restorecon -vF /etc/postfix/main.cf
> restorecon reset /etc/postfix/main.cf context
> unconfined_u:object_r:postfix_etc_t:s0->system_u:object_r:postfix_etc_t:s0
> [root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
> -rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
> 169024 -rw-r--r--. 1 root root 27205 May  3 10:28 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# postconf -e 'mydomain = other-domain.gov.uk'
> [root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
> -rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0
> /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
> 145296 -rw-r--r--. 1 root root 27207 May  3 10:30 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# restorecon -vF /etc/postfix/main.cf
> restorecon reset /etc/postfix/main.cf context
> unconfined_u:object_r:postfix_etc_t:s0->system_u:object_r:postfix_etc_t:s0
> [root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
> -rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
> 145296 -rw-r--r--. 1 root root 27207 May  3 10:30 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# postconf -e 'mydomain = yet-another.gov.uk'
> [root@ci-vm-10-0-136-48 ~]# ls -Z /etc/postfix/main.cf
> -rw-r--r--. root root unconfined_u:object_r:postfix_etc_t:s0
> /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]# ls -il /etc/postfix/main.cf
> 169024 -rw-r--r--. 1 root root 27206 May  3 10:34 /etc/postfix/main.cf
> [root@ci-vm-10-0-136-48 ~]#

Are you able to reproduce this on RHEL-8? AFAIK there was no related change in the postfix since RHEL-7, so if it wasn't addressed in the selinux-policy, the problem is probably also there. In such case please clone it to RHEL-8.
Comment 9 Milos Malik 2019-05-03 15:14:25 UTC 
The same picture on RHEL-8:

[root@ci-vm-10-0-136-197 ~]# ls -Z /etc/postfix/main.cf
system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-197 ~]# ls -il /etc/postfix/main.cf
10486150 -rw-r--r--. 1 root root 29374 Dec  4 09:13 /etc/postfix/main.cf
[root@ci-vm-10-0-136-197 ~]# postconf -e 'mydomain = testdomain.gov.uk'
[root@ci-vm-10-0-136-197 ~]# ls -Z /etc/postfix/main.cf
unconfined_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-197 ~]# ls -il /etc/postfix/main.cf
10486163 -rw-r--r--. 1 root root 29403 May  3 11:10 /etc/postfix/main.cf
[root@ci-vm-10-0-136-197 ~]# restorecon -vF /etc/postfix/main.cf
Relabeled /etc/postfix/main.cf from unconfined_u:object_r:postfix_etc_t:s0 to system_u:object_r:postfix_etc_t:s0
[root@ci-vm-10-0-136-197 ~]# ls -Z /etc/postfix/main.cf
system_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-197 ~]# ls -il /etc/postfix/main.cf
10486163 -rw-r--r--. 1 root root 29403 May  3 11:10 /etc/postfix/main.cf
[root@ci-vm-10-0-136-197 ~]# postconf -e 'mydomain = other-domain.gov.uk'
[root@ci-vm-10-0-136-197 ~]# ls -Z /etc/postfix/main.cf
unconfined_u:object_r:postfix_etc_t:s0 /etc/postfix/main.cf
[root@ci-vm-10-0-136-197 ~]# ls -il /etc/postfix/main.cf
10486150 -rw-r--r--. 1 root root 29405 May  3 11:11 /etc/postfix/main.cf
[root@ci-vm-10-0-136-197 ~]#