Bug 151550 - avc: denial while trying to create a new list via the web interface
Status: CLOSED DUPLICATE of bug 146890
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Daniel Walsh
Reported: 2005-03-19 01:50 EST by Ben Levenson
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-03-19 12:11:36 EST
Description Ben Levenson 2005-03-19 01:50:23 EST
Description of problem:
audit(1111187682.841:0): avc:  denied  { create } for  pid=11305
exe=/usr/bin/python name=before-upgrade-web.mbox
scontext=root:system_r:mailman_cgi_t tcontext=root:object_r:mailman_archive_t
tclass=dir

adding this to local.te fixes it:
allow mailman_cgi_t mailman_archive_t:dir create;

Version-Release number of selected component (if applicable):
mailman-2.1.5-31.rhel4.i386
selinux-policy-targeted-1.17.30-2.52.1.noarch

Steps to Reproduce:
1. follow the INSTALL.REDHAT directions provided with mailman
2. after setup is complete, try to create a list via the web interface
3. you'll get the traceback below, and the avc denial above
  
Actual results:
resulting python traceback:
Traceback (most recent call last):
  File "/usr/lib/mailman/scripts/driver", line 87, in run_main
    main()
  File "/usr/lib/mailman/Mailman/Cgi/create.py", line 55, in main
    process_request(doc, cgidata)
  File "/usr/lib/mailman/Mailman/Cgi/create.py", line 187, in process_request
    mlist.Create(listname, owner, pw, langs, emailhost)
  File "/usr/lib/mailman/Mailman/MailList.py", line 457, in Create
    self.InitVars(name, admin, crypted_password)
  File "/usr/lib/mailman/Mailman/MailList.py", line 372, in InitVars
    baseclass.InitVars(self)
  File "/usr/lib/mailman/Mailman/Archiver/Archiver.py", line 95, in InitVars
    os.mkdir(self.archive_dir()+'.mbox', 02775)
OSError: [Errno 13] Permission denied:
'/var/lib/mailman/archives/private/another-test.mbox'

Additional info:
Creating a new list from the command line works as expected.
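
The mapping from the AVC record in the description above to the local.te rule can be done mechanically. This is an added example, not part of the original report and not the audit2allow tool itself; the function names and the second sample record are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the fields of an AVC record needed to build a rule. \s+ lets the
# record be wrapped across lines, as it is in the report above.
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+"
    r"[^{]*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def se_type(context):
    """Return the type field of user:role:type[:level] (third field)."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return fields[2]

def allow_rules(log_text):
    """Turn every denied AVC record in log_text into merged allow rules."""
    wanted = defaultdict(set)  # (source type, target type, class) -> perms
    for m in AVC_RE.finditer(log_text):
        if m.group("result") != "denied":
            continue  # granted records need no rule
        key = (se_type(m.group("scon")), se_type(m.group("tcon")), m.group("tclass"))
        wanted[key].update(m.group("perms").split())
    rules = []
    for (src, tgt, cls), perms in sorted(wanted.items()):
        plist = sorted(perms)
        body = plist[0] if len(plist) == 1 else "{ %s }" % " ".join(plist)
        rules.append("allow %s %s:%s %s;" % (src, tgt, cls, body))
    return rules

# The first record is the one from this report; the second is constructed
# to show permission merging and a context carrying an MLS level.
SAMPLE = """\
audit(1111187682.841:0): avc:  denied  { create } for  pid=11305
exe=/usr/bin/python name=before-upgrade-web.mbox
scontext=root:system_r:mailman_cgi_t tcontext=root:object_r:mailman_archive_t
tclass=dir
audit(1111187690.100:0): avc:  denied  { setattr } for  pid=11305 exe=/usr/bin/python name=example.mbox scontext=root:system_r:mailman_cgi_t:s0 tcontext=root:object_r:mailman_archive_t:s0 tclass=dir
"""

if __name__ == "__main__":
    for rule in allow_rules(SAMPLE):
        print(rule)
```

Fed only the first record, allow_rules returns the same rule the reporter added to local.te.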
Comment 1 Daniel Walsh 2005-03-19 01:58:28 EST
Please try the policy in 

ftp://people.redhat.com/dwalsh/RHEL4/ (selinux_policy_targeted* and policycoreutils)

These will be in U1.
Comment 2 Daniel Walsh 2005-03-19 02:02:10 EST
Make that
ftp://people.redhat.com/dwalsh/SELinux/RHEL4
Comment 3 Ben Levenson 2005-03-19 12:11:36 EST
The problem goes away with the U1 packages.
duping against bug 146890.

*** This bug has been marked as a duplicate of 146890 ***
