My current setup is as follows:
A user device mapped to staff_t and a user laptop mapped to user_t. tmux runs in the respective contexts staff_screen_t and user_screen_t (which they do by default, I did not change this).
When I open tmux on either user I get the following error: /home/<USER>/.config/tmux/tmux.conf: Permission denied
Which was strange to me, because this directory and file do not even exist by default. My configuration is read from /home/<USER>/.tmux.conf with SELinux context screen_home_t.
tmux works fine if you ignore the error, and even the settings are loaded fine from /home/<USER>/.tmux.conf, but this error stops me from automatically starting software in a tmux screen.
What I have tried so far:
1. Check for AVC/SELinux denial errors in the logs → Nothing shows up after starting tmux
2. Setenforce to 0 to check if SELinux is to blame → Yes it is, because then no error message appears
3. Create /home/<USER>/.config/tmux and /home/<USER>/.config/tmux/tmux.conf → still get the error
4. Change the context of the files in step 3 to screen_home_t → still get the error
So I am at a loss. I do not want to run in permissive mode and I have tried everything so far. Does anyone have any insights?
Starting from v3.1, tmux looks for ~/.config/tmux/tmux.conf in addition to the traditional ~/.tmux.conf for configuration files. You can use the -f option to specify an alternative configuration file, and since your ~/.tmux.conf has the right context, you will not get an error.
BTW, how do you start tmux? I start it from a terminal manually and it has the SELinux context unconfined_u:unconfined_r:unconfined_t, so it can access ~/.config/tmux/tmux.conf as well as ~/.tmux.conf without any error.
But if I start it manually it also starts with the staff_screen_t or user_screen_t context. Perhaps your user is running unconfined, so tmux also runs unconfined when you start it.
Changing ExecStart=/usr/bin/tmux -2 new-session -d /usr/bin/weechat to ExecStart=/usr/bin/tmux -2 -f /home/device/.tmux.conf new-session -d /usr/bin/weechat is a workaround for now, but not a complete fix. How would I need to set the context for ~/.config/tmux/tmux.conf correctly? I am very confused as to why it cannot manage despite having the same context as ~/.tmux.conf.
Thank you for your workaround by the way, it makes my life much easier.
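A file's own label is only part of the access check: the confined tmux domain also has to be allowed to search every directory above the file. As an added diagnostic (not code from any post in this thread), the script below prints the SELinux label of each path component for both locations tmux 3.1+ tries; the fallback home `/home/device` is assumed from the ExecStart line, and nothing here establishes which component causes the error.

```shell
#!/bin/sh
# Added example: list the SELinux label of every directory on the way to
# each tmux config candidate. The function names are made up for this sketch.

# Print every path prefix, from the top directory down to the full path.
path_chain() {
    p=$1
    chain=$p
    while [ "$p" != "/" ] && [ "$p" != "." ]; do
        p=$(dirname "$p")
        chain="$p
$chain"
    done
    printf '%s\n' "$chain"
}

# Print "<label><TAB><path>" for each prefix; prefixes that do not exist
# are reported as "(missing)" instead of a label.
label_chain() {
    path_chain "$1" | while IFS= read -r part; do
        if [ -e "$part" ]; then
            # GNU stat: %C is the SELinux security context of the object.
            ctx=$(stat -c %C "$part" 2>/dev/null || echo '?')
            printf '%s\t%s\n' "$ctx" "$part"
        else
            printf '%s\t%s\n' '(missing)' "$part"
        fi
    done
}

# Assumption: /home/device (from the ExecStart line) is used if HOME is unset.
home=${HOME:-/home/device}
for conf in "$home/.tmux.conf" "$home/.config/tmux/tmux.conf"; do
    echo "== $conf"
    label_chain "$conf"
done
```

Run it as the affected user and compare the two chains; any directory type that appears only in the second chain is worth checking against what the `*_screen_t` domain is allowed to search.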