Note problem originally reported by:
David Hampton <email@example.com>
Mailman does not start under SELinux strict policy
The mailman /etc/init.d script does this:
python mailmanctl -s -q start
instead of just
mailmanctl -s -q start
This prevents the domain_auto_trans rule in mailman.te from switching
domains from initrc_t to mailman_mail_t.
This applies to FC3, FC4, and RHEL4
It is not sufficient to just remove python from the fron the command that
invokes mailmanctl (despite the fact mailmanctl has a python command interpreter
#! on the first line). This is because in the status mode mailmanctl wants to
write to the terminal, but the SELinux security policy has turned off tty access.
There are two possible solutions:
1) Capture the output from mailmanctl and echo it later, e.g.:
STATUS=`$MAILMANCTL -u status`
2) Once mailmanctl reports valid run status via its exit status, then get the
pid from /var/run/mailman, this way mailmanctl is not doing any "stdout"
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.