My current setup is as follows:
A user device mapped to staff_t and a user laptop mapped to user_t. tmux runs in the respective context user_screen_t (which they do by default, I did not change this).
When I open tmux on either user I get the following error:
/home/<USER>/.config/tmux/tmux.conf: Permission denied
Which was strange to me, because this directory and file do not even exist by default. My configuration is read from
/home/<USER>/.tmux.conf with SELinux context
tmux works fine if you ignore the error, and even the settings are loaded fine from /home/<USER>/.tmux.conf, but this error stops me from automatically starting software in a tmux screen.
What I have tried so far:
- Check for AVC/SELinux denial errors in the logs → Nothing shows up after starting tmux
- Setenforce to 0 to check if SELinux is to blame → Yes it is, because then no error message appears
/home/<USER>/.config/tmux/tmux.conf → still get the error
- Change the context of the files in step 3 to screen_home_t → still get the error
So I am at a loss. I do not want to run in permissive mode and I have tried everything so far. Does anyone have any insights?
Starting from v3.1, tmux looks for ~/.config/tmux/tmux.conf in addition to the traditional ~/.tmux.conf for configuration files. You can use the -f option to specify an alternative configuration file, and since your ~/.tmux.conf has the right context, you will not get an error.
BTW, how do you start tmux? I start it from the terminal manually and it has an SELinux context of unconfined_u:unconfined_r:unconfined_t, so it can access ~/.config/tmux/tmux.conf as well as ~/.tmux.conf without any error.
I normally start tmux automatically with a systemd user service:
Description=Weechat IRC Client (in tmux)
ExecStart=/usr/bin/tmux -2 new-session -d /usr/bin/weechat
ExecStop=/usr/bin/tmux kill-session -t 0
But if I start it manually it also starts with the staff_screen_t or user_screen_t context. Perhaps your user is running unconfined, so tmux also runs unconfined when you start it.
ExecStart=/usr/bin/tmux -2 new-session -d /usr/bin/weechat to
ExecStart=/usr/bin/tmux -2 -f /home/device/.tmux.conf new-session -d /usr/bin/weechat is a workaround for now, but not a complete fix. How would I need to set the context for ~/.config/tmux/tmux.conf correctly? I am very confused as to why it cannot manage despite having the same context as
Thank you for your workaround by the way, it makes my life much easier.