Bug 461892 - Mailman can't write to archives due to selinux
Mailman can't write to archives due to selinux
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-11 04:52 EDT by Sergio Pascual
Modified: 2008-09-24 04:10 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-23 15:40:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Local policy (828 bytes, text/plain)
2008-09-11 07:01 EDT, Sergio Pascual
no flags Details
Audit log (6.69 KB, text/plain)
2008-09-12 03:29 EDT, Sergio Pascual
no flags Details
Denials related with mailman and crontab (1.22 KB, application/octet-stream)
2008-09-12 06:09 EDT, Sergio Pascual
no flags Details

  None (edit)
Description Sergio Pascual 2008-09-11 04:52:44 EDT
I have installed mailman and every time that a message should go to the list archives, selinux blocks it.

mailman-2.1.9-10.fc9.i386
selinux-policy-targeted-3.3.1-84.fc9.noarch

I get this alarm in setroubleshoot every time a mila should go to archives

SELinux is preventing python (mailman_mail_t) "search" to ./archives (mailman_archive_t). 

I have run restorecon in /var/spool/mailman/archives but nothing changes


Audit messages:
host=myhost type=AVC msg=audit(1221120072.447:132182): avc: denied { search } for pid=5761 comm="python" name="archives" dev=dm-0 ino=386754 scontext=unconfined_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:mailman_archive_t:s0 tclass=dir 

host=myhost type=SYSCALL msg=audit(1221120072.447:132182): arch=40000003 syscall=10 success=no exit=-13 a0=9a844b0 a1=0 a2=2124574 a3=97661b8 items=0 ppid=5755 pid=5761 auid=603 uid=41 gid=41 euid=41 suid=41 fsuid=41 egid=41 sgid=41 fsgid=41 tty=(none) ses=6553 comm="python" exe="/usr/bin/python" subj=unconfined_u:system_r:mailman_mail_t:s0 key=(null)
Comment 1 Sergio Pascual 2008-09-11 07:01:13 EDT
Created attachment 316420 [details]
Local policy

the following local policy allows me to have working mailman archives
Comment 2 Daniel Walsh 2008-09-11 13:46:32 EDT
Could you attach the avc's used to generate this policy.
Comment 3 Sergio Pascual 2008-09-12 03:29:48 EDT
Created attachment 316541 [details]
Audit log

This file doesn't include avc to create the rules related with 
type mailman_queue_t;

The rule is needed by the mailman cron and I can't get it at the moment
Comment 4 Sergio Pascual 2008-09-12 06:09:17 EDT
Created attachment 316557 [details]
Denials related with mailman and crontab
Comment 5 Daniel Walsh 2008-09-23 15:40:46 EDT
Fixed in selinux-policy-3.5.8-6.fc10.noarch
Comment 6 Sergio Pascual 2008-09-24 04:10:41 EDT
Can this be backported to fedora 9?

Note You need to log in before you can comment on or make changes to this bug.