Bug 430639 - Stopping mailman causes Permission denied and AVC
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.2
Hardware: All
OS: Linux
Priority: medium
Severity: high
Target Milestone: rc
Target Release: ---
Assigned To: Daniel Walsh
Reported: 2008-01-29 04:40 EST by Michal Nowak
Modified: 2015-04-27 04:47 EDT (History)
Fixed In Version: RHBA-2008-0465
Doc Type: Bug Fix
Last Closed: 2008-05-21 12:06:38 EDT

Description Michal Nowak 2008-01-29 04:40:32 EST
Description of problem:

Stopping service mailman causes "Permission denied" and AVC.

Version-Release number of selected component (if applicable):

(both recent - to be in RHEL-5.2.0)

mailman-2.1.9-4.el5.ia64
selinux-policy-2.4.6-116.el5.noarch

Actual results: AVC

Expected results: Stopped mailman, no processes running


AVC:

.qa.[root@ia64-5s-1-m1 tps]# /etc/init.d/mailman start
Starting mailman:                                          [  OK  ]

.qa.[root@ia64-5s-1-m1 tps]# /etc/init.d/mailman stop
Shutting down mailman: Traceback (most recent call last):
  File "/usr/lib/mailman/bin/mailmanctl", line 607, in ?
    main()
  File "/usr/lib/mailman/bin/mailmanctl", line 404, in main
    kill_watcher(signal.SIGTERM)
  File "/usr/lib/mailman/bin/mailmanctl", line 160, in kill_watcher
    os.kill(pid, sig)
OSError: [Errno 13] Permission denied
                                                           [FAILED]

.qa.[root@ia64-5s-1-m1 tps]# ausearch -m avc -ts recent
----
time->Tue Jan 29 04:22:18 2008
type=SYSCALL msg=audit(1201598538.441:41829): arch=c0000032 syscall=1053 success=no exit=-13 a0=460 a1=f a2=60000ffffffe353c a3=60000ffffffe3538 items=0 ppid=1139 pid=1140 auid=0 uid=41 gid=41 euid=41 suid=41 fsuid=41 egid=41 sgid=41 fsgid=41 tty=pts2 comm="mailmanctl" exe="/usr/bin/python" subj=root:system_r:mailman_mail_t:s0 key=(null)
type=AVC msg=audit(1201598538.441:41829): avc:  denied  { signal } for  pid=1140 comm="mailmanctl" scontext=root:system_r:mailman_mail_t:s0 tcontext=root:system_r:mailman_mail_t:s0 tclass=process

.qa.[root@ia64-5s-1-m1 tps]# ps aux | grep python
mailman   1120  0.0  0.1  81696 10544 ?        Ss   04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
mailman   1126  0.1  0.1  81536 15056 ?        S    04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
mailman   1127  0.1  0.1  81648 15120 ?        S    04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
mailman   1128  0.1  0.1  81504 15088 ?        S    04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
mailman   1129  0.1  0.1  81552 15072 ?        S    04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
mailman   1130  0.1  0.1  81520 15104 ?        S    04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
mailman   1131  0.1  0.1  81616 15216 ?        S    04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
mailman   1132  0.1  0.1  81520 15072 ?        S    04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
mailman   1133  0.1  0.1  81520 15056 ?        S    04:21   0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
root      1181  0.0  0.0  61280  1776 pts/2    S+   04:25   0:00 grep python
root      2930  0.0  0.0  75056  3616 ?        S<s  Jan20   0:04 python /sbin/audispd
root      3436  0.0  0.0  82192  2784 ?        S    Jan20   0:00 python ./hpssd.py
root     28571  0.0  0.1 147344 10640 ?        S    Jan22   0:07 /usr/bin/python -E /usr/bin/sealert -s

.qa.[root@ia64-5s-1-m1 tps]# fixfiles -R mailman check


Note:

mailman-2.1.9-2.ia64 stops without problems; this AVC is probably caused by the
change in the way mailman is started in the init script.
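
The denial in the report above can be read mechanically: source and target types are both mailman_mail_t, so the implied type-enforcement rule targets "self". The following Python is an added example, not part of the original report or of the selinux-policy package; the function names are hypothetical, and the rule it prints is only what the AVC record implies, since the actual change made in selinux-policy-2.4.6-117.el5 is not shown on this page.

```python
import re

# AVC record copied from the report above, joined onto one line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1201598538.441:41829): avc:  denied  { signal } '
    'for  pid=1140 comm="mailmanctl" '
    'scontext=root:system_r:mailman_mail_t:s0 '
    'tcontext=root:system_r:mailman_mail_t:s0 tclass=process'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the AVC fields, or None if the line is not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec


def context_type(context):
    """Extract the type from user:role:type[:level]; the level may contain colons."""
    parts = context.split(':', 3)
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % context)
    return parts[2]


def implied_rule(rec):
    """Build the allow rule implied by one denial (same idea as audit2allow)."""
    src = context_type(rec['scontext'])
    tgt = context_type(rec['tcontext'])
    target = 'self' if src == tgt else tgt
    perms = rec['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (src, target, rec['tclass'], perm_str)


if __name__ == '__main__':
    print(implied_rule(parse_avc(SAMPLE_AVC)))
```

A rule derived this way is a starting point for policy review, not something to load unreviewed: here it shows that mailmanctl, running as mailman_mail_t, was denied permission to signal another process in its own domain.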

Comment 1 Daniel Walsh 2008-01-29 09:39:50 EST
Yes, this is caused by the upgrade to a newer version.

Fixed in selinux-policy-2.4.6-117.el5

So we are going to need this bug approved to get this package into the errata.

Comment 2 RHEL Product and Program Management 2008-01-29 09:45:25 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 5 Michal Nowak 2008-01-30 02:48:27 EST
Thanks for the quick response, as usual. Confirmed working.

Comment 8 errata-xmlrpc 2008-05-21 12:06:38 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0465.html
