Bug 154916 - Mailman does not start under SELinux strict policy
Mailman does not start under SELinux strict policy
Product: Fedora
Classification: Fedora
Component: mailman (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Smetana
Depends On:
  Show dependency treegraph
Reported: 2005-04-14 16:29 EDT by John Dennis
Modified: 2008-08-02 19:40 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-06-20 06:53:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Dennis 2005-04-14 16:29:37 EDT
Note problem originally reported by:
David Hampton <hampton-rh@rainbolthampton.net>

Mailman does not start under SELinux strict policy

The mailman /etc/init.d script does this:

        python mailmanctl -s -q start

instead of just

        mailmanctl -s -q start

This prevents the domain_auto_trans rule in mailman.te from switching
domains from initrc_t to mailman_mail_t.
Comment 1 John Dennis 2005-04-14 16:35:50 EDT

This applies to FC3, FC4, and RHEL4

It is not sufficient to just remove python from the fron the command that
invokes mailmanctl (despite the fact mailmanctl has a python command interpreter
#! on the first line). This is because in the status mode mailmanctl wants to
write to the terminal, but the SELinux security policy has turned off tty access.

There are two possible solutions:

1) Capture the output from mailmanctl and echo it later, e.g.:

    STATUS=`$MAILMANCTL -u status`
    echo $STATUS

2) Once mailmanctl reports valid run status via its exit status, then get the
pid from /var/run/mailman, this way mailmanctl is not doing any "stdout"
Comment 2 Matthew Miller 2006-07-10 18:12:15 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!

Note You need to log in before you can comment on or make changes to this bug.