Bug 234773
Summary: | SELinux - allow Postfix smtpd access to Mailman aliases | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Anthony Messina <amessina> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | high | Docs Contact: | |
Priority: | medium | | |
Version: | 6 | CC: | osfh48fhjf, triage |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | bzcl34nup | | |
Fixed In Version: | Current | Doc Type: | Bug Fix |
Last Closed: | 2008-04-08 02:21:06 UTC | Type: | --- |
Description
Anthony Messina
2007-04-01 20:30:50 UTC
Fixed in selinux-policy-2.4.6-52.fc6

Thanks, Dan. When you say that it is fixed in the future policy, was this something that you guys were already working on, or did this bug report prompt you to take a look at it? I only ask because I searched quite a bit for a resolution to this prior to posting this bug report and couldn't find a solution.

The bug report prompted me to work on it. It is pretty difficult to anticipate all possible ways an app will run, so we rely on bug reports and mail lists to help fix selinux problems. Thanks for submitting the bug report.

Is this something that is going to get pushed out to RHEL5 too? I ended up making a module using audit2allow

postfixmailman.te:

module postfixmailman 1.0;

require {
        class dir { add_name remove_name search write };
        class file { create getattr lock read rename write };
        type mailman_data_t;
        type postfix_cleanup_t;
        type postfix_map_t;
        role system_r;
};

allow postfix_cleanup_t mailman_data_t:dir search;
allow postfix_map_t mailman_data_t:dir { add_name remove_name search write };
allow postfix_map_t mailman_data_t:file { create getattr lock read rename write };

Yes all most bug fixes for FC6 should show up in the u1 release. Preview is available on http://people.redhat.com/dwalsh/SELinux/RHEL5

Not sure if it is the same problem, but I am unable to update /etc/aliases.db in RHEL5 logged in as root with neither "newaliases" or "postalias /etc/aliases". It gives the error:

postalias: fatal: open /etc/aliases.db: Permission denied

-rw-r----- 1 root smmsp 12K Oct 16 08:11 aliases.db

Did you try the u1 release?

We have all the latest updates installed from the default distro which is the only one our host provides access through their redhat licence.

Well I believe this is fixed in the u1 update which should be hitting the streets at any moment.

If you would like to customize your policy to allow this as root you can execute

grep alias /var/log/audit/audit.log | audit2allow -M myalias
semodule -i myalias.pp

Fedora apologizes that these issues have not been resolved yet. We're sorry it's taken so long for your bug to be properly triaged and acted on. We appreciate the time you took to report this issue and want to make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6, please note that Fedora no longer maintains these releases. We strongly encourage you to upgrade to a current Fedora release. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days from now, it will be closed 'WONTFIX'. If you can reproduce this bug in the latest Fedora version, please change to the respective version. If you are unable to do this, please add a comment to this bug requesting the change.

Thanks for your help, and we apologize again that we haven't handled these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again.

And if you'd like to join the bug triage team to help make things better, check out http://fedoraproject.org/wiki/BugZappers
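
Added example (not part of the bug report or of the Fedora policy tooling): the `grep alias ... | audit2allow -M myalias` step in the thread turns every matching denial into an allow rule, so it is worth seeing which rules the matched lines imply before running `semodule -i`. The sketch below groups AVC denials the way the posted postfixmailman.te does and separates rules whose target type was not expected; the log lines and the `expected_targets` set are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample AVC records (not from the bug report), shaped like
# /var/log/audit/audit.log entries for the denials discussed above.
SAMPLE_LOG = """\
type=AVC msg=audit(1175459450.123:101): avc:  denied  { search } for  pid=2101 comm="cleanup" name="data" dev=dm-0 ino=4242 scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=system_u:object_r:mailman_data_t:s0 tclass=dir
type=AVC msg=audit(1175459451.456:102): avc:  denied  { read } for  pid=2102 comm="postalias" name="aliases" dev=dm-0 ino=4243 scontext=system_u:system_r:postfix_map_t:s0 tcontext=system_u:object_r:mailman_data_t:s0 tclass=file
type=AVC msg=audit(1175459451.789:103): avc:  denied  { write create } for  pid=2102 comm="postalias" name="aliases.db" dev=dm-0 ino=4244 scontext=system_u:system_r:postfix_map_t:s0 tcontext=system_u:object_r:mailman_data_t:s0 tclass=file
type=AVC msg=audit(1175459460.000:104): avc:  denied  { read } for  pid=2200 comm="postalias" name="shadow" dev=dm-0 ino=99 scontext=system_u:system_r:postfix_map_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1175459460.000:104): arch=40000003 syscall=5 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+).*?tcontext=(?P<t>\S+).*?tclass=(?P<cls>\S+)")

def ctx_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group denials into {(source_type, target_type, class): set(perms)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if line.startswith("type=AVC") and m:
            key = (ctx_type(m["s"]), ctx_type(m["t"]), m["cls"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def review(rules, expected_targets):
    """Split rules into (expected, unexpected) allow statements."""
    ok, odd = [], []
    for (src, tgt, cls), perms in sorted(rules.items()):
        stmt = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        (ok if tgt in expected_targets else odd).append(stmt)
    return ok, odd

if __name__ == "__main__":
    ok, odd = review(summarize(SAMPLE_LOG), {"mailman_data_t"})
    print("\n".join(ok))
    print("REVIEW BEFORE LOADING:", *odd, sep="\n  ")
```

In the constructed log the fourth record matches `grep alias` only because the command name is postalias, which is how an unrelated denial can end up in a locally generated module.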