Hello,
I am implementing a remote TeX server for our users,
and I would like to confine it using SELinux (FC6, targeted policy).
I need help or suggestions on possible approaches. What I want to do
is the following:
- I have a TeX installation in a separate directory
- I want local users to be able to run TeX commands without restrictions
- I want to have a daemon, running under a separate user, which will handle
remote requests for TeX compilation. Under this user/daemon
the TeX commands should be confined, so that they can only
read TeX data files (the texmf/ tree), execute the TeX sub-commands
(i.e. files under <texroot>/bin/ directory) - including the rights
to the system libraries, locales, etc. as necessary. And the confined
processes should write only to the texmf-var tree (autogenerated
bitmap fonts, etc.) and to the temporary directory, reserved for
TeX outputs (logs, DVI files, dvips outputs, etc.).
My current solution is to create the tex_t domain,
and tex_exec_t, tex_data_t, and tex_tmp_t file types, and make the
daemon run "runcon -t tex_t -- tex myfile.tex" instead of plain
"tex myfile.tex".
Maybe there are better approaches than this:
- maybe the "runcon" is not necessary, and TeX executables can be made to
enter the tex_t domain automatically, when started by the UNIX user
under which the daemon runs.
- or maybe I should use SELinux users or roles instead of domains (?)
- or maybe the daemon should run under its own special domain?
The "runcon" approach allows local users to compile also
untrusted TeX sources - i.e. they can be able to run TeX either under their
own context, or via "runcon" in the confined mode.