Bug 465787
Summary: | mailman's weekly archiving blocked by selinux | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Nalley <david> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-10-07 00:34:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Nalley
2008-10-06 12:52:08 UTC
One more quick addition to get mailman's web interface to work: Oct 6 09:55:20 uclug kernel: type=1400 audit(1223301320.549:122811): avc: denied { getattr } for pid=7618 comm="python" path="/var/lib/mailman/archives/private/uclug/attachments/20080928" dev=dm-0 ino=204003 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:mailman_archive_t:s0 tclass=dir Oct 6 09:55:20 uclug kernel: type=1400 audit(1223301320.550:122812): avc: denied { getattr } for pid=7618 comm="python" path="/var/lib/mailman/archives/private/uclug/attachments" dev=dm-0 ino=204002 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:mailman_archive_t:s0 tclass=dir Oct 6 09:55:20 uclug kernel: type=1400 audit(1223301320.550:122813): avc: denied { getattr } for pid=7618 comm="python" path="/var/lib/mailman/archives/private/uclug" dev=dm-0ino=196660 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=unconfined_u:object_r:mailman_archive_t:s0 tclass=dir Oct 6 09:55:20 uclug kernel: type=1400 audit(1223301320.551:122814): avc: denied { getattr } for pid=7618 comm="python" path="/var/lib/mailman/archives/private" dev=dm-0 ino=196131 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:mailman_archive_t:s0 tclass=dir Oct 6 09:55:20 uclug kernel: type=1400 audit(1223301320.551:122815): avc: denied { getattr } for pid=7618 comm="python" path="/var/lib/mailman/archives" dev=dm-0 ino=196130 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:mailman_archive_t:s0 tclass=dir Oct 6 09:55:20 uclug kernel: type=1400 audit(1223301320.561:122816): avc: denied { search } for pid=7618 comm="python" name="httpd" dev=dm-0 ino=89761 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir Oct 6 09:55:20 uclug kernel: type=1400 audit(1223301320.561:122817): avc: denied { search } for pid=7618 comm="python" name="httpd" dev=dm-0 ino=89761 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir Oct 6 09:55:20 uclug kernel: type=1400 audit(1223301320.561:122818): avc: denied { add_name } for pid=7618 comm="python" name="attachments.lock.uclug.org.7618.5" scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:mailman_archive_t:s0 tclass=dir Oct 6 09:55:21 uclug kernel: type=1400 audit(1223301321.968:122819): avc: denied { read append } for pid=7615 comm="python" name="uclug.mbox" dev=dm-0 ino=196659 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=unconfined_u:object_r:mailman_archive_t:s0 tclass=file module jlnmailmanlog4 1.0; require { type mailman_mail_t; type mailman_archive_t; type httpd_config_t; class dir { search getattr add_name }; class file { read append }; } require { type mailman_mail_t; type mailman_archive_t; type httpd_config_t; class dir { search getattr add_name }; class file { read append }; } #============= mailman_mail_t ============== allow mailman_mail_t httpd_config_t:dir search; allow mailman_mail_t mailman_archive_t:dir { getattr add_name }; allow mailman_mail_t mailman_archive_t:file { read append }; You have new mail in /var/spool/mail/root Fixed in selinux-policy-3.3.1-95.fc9.noarch Indeed this is fixed in -95 closing bug. |