Here's the AVCs I've gotten from performing various mailman operations over an extended period on a host freshly upgraded to F28. "unconfined" is disabled.

rlpowell@stodi> grep -h -i exim ~/scratch/avcs_mailman* | sed -r -e 's; msg=\S+: ; ;' -e 's; ino=[0-9]+ ; ;' -e 's; pid=[0-9]+ ; ;' | sort | uniq -c | sort -n
      1 type=AVC avc: denied { map } for comm="mailman" path="/usr/lib/mailman/mail/mailman" dev="vdb" scontext=staff_u:staff_r:exim_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
      3 type=AVC avc: denied { map } for comm="sendmail" path="/usr/sbin/exim" dev="vdb" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:exim_exec_t:s0 tclass=file permissive=1
     11 type=AVC avc: denied { map } for comm="mailman" path="/usr/lib/mailman/mail/mailman" dev="vdb" scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
    407 type=AVC avc: denied { map } for comm="mailman" path="/usr/lib/mailman/mail/mailman" dev="vdb" scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0

rlpowell@stodi> grep -h -i exim ~/scratch/avcs_mailman* | sed -r -e 's; msg=\S+: ; ;' -e 's; ino=[0-9]+ ; ;' -e 's; pid=[0-9]+ ; ;' | sort | uniq | audit2allow -R

require {
	type sendmail_t;
	type exim_exec_t;
	type exim_t;
	class file map;
}

#============= exim_t ==============
corecmd_mmap_bin_files(exim_t)

#============= sendmail_t ==============
allow sendmail_t exim_exec_t:file map;
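Added example, not part of the original report or of the selinux-policy project: a Python counterpart to the grep/sed/uniq pipeline above that groups AVC denials by source type, target type, class and permission (the fields an allow rule is written against, so user and role are dropped) and separates enforced hits from permissive ones. The sample records and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the AVC format quoted above (ids are made up).
SAMPLE = """\
type=AVC msg=audit(1000000001.001:1): avc: denied { map } for pid=101 comm="mailman" path="/usr/lib/mailman/mail/mailman" dev="vdb" ino=11 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
type=AVC msg=audit(1000000002.001:2): avc: denied { map } for pid=102 comm="mailman" path="/usr/lib/mailman/mail/mailman" dev="vdb" ino=11 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
type=AVC msg=audit(1000000003.001:3): avc: denied { map } for pid=103 comm="mailman" path="/usr/lib/mailman/mail/mailman" dev="vdb" ino=11 scontext=staff_u:staff_r:exim_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
type=AVC msg=audit(1000000004.001:4): avc: denied { map } for pid=104 comm="sendmail" path="/usr/sbin/exim" dev="vdb" ino=12 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:exim_exec_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1000000004.001:4): arch=c000003e syscall=59 success=yes comm="sendmail"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')       # key=value or key="quoted value"
PERMS = re.compile(r'denied\s+\{([^}]*)\}')      # the { perm ... } list

def parse_avc(line):
    """Return a dict of fields for one AVC denial, or None for any other line."""
    m = PERMS.search(line)
    if "type=AVC" not in line or not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec["perms"] = tuple(m.group(1).split())
    return rec

def se_type(context):
    """user:role:type:level[:categories] -> type (third colon-separated field)."""
    return context.split(":")[2]

def summarize(lines):
    """Map (source type, target type, class, perms) -> Counter of enforced/permissive."""
    counts = {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue  # skip SYSCALL, PATH and other record types
        key = (se_type(rec["scontext"]), se_type(rec["tcontext"]),
               rec["tclass"], rec["perms"])
        mode = "enforced" if rec.get("permissive") == "0" else "permissive"
        counts.setdefault(key, Counter())[mode] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perms), c in sorted(summarize(SAMPLE.splitlines()).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }} "
              f"enforced={c['enforced']} permissive={c['permissive']}")
```

Only the enforced count reflects operations that were actually blocked; permissive=1 records were logged but allowed.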
selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Does not work for me. With:

selinux-policy.noarch 3.14.1-37.fc28 @updates

I still get:

type=AVC msg=audit(1534138701.077:2429370): avc: denied { map } for pid=15419 comm="mailman" path="/usr/lib/mailman/mail/mailman" dev="vdb" ino=50913060 scontext=staff_u:staff_r:exim_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0

when I try to send mail to a mailman mailing list on my system.
selinux-policy-3.14.1-42.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1b09d217
selinux-policy-3.14.1-42.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1b09d217
selinux-policy-3.14.1-42.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Looks good!