Description of problem: On a freshly installed system (testing under CentOS), mailman is not able to update its archives. audit.log contains messages like: type=AVC msg=audit(1229707095.625:82): avc: denied { search } for pid=3973 comm="python" name="archives" dev=hda2 ino=224254 scontext=root:system_r:mail man_mail_t:s0 tcontext=system_u:object_r:mailman_archive_t:s0 tclass=dir The source and target contexts look correct. I believe that archiving was probably overlooked when bug 350511 was fixed. I was able to restore functionality by entering permissive mode and using audit2allow to generate this policy: module localMailman 1.0; require { type mailman_mail_t; type mailman_archive_t; class lnk_file create; class dir { write search remove_name create getattr add_name }; class file { setattr read create write getattr link unlink append }; } #============= mailman_mail_t ============== allow mailman_mail_t mailman_archive_t:dir { write search remove_name create getattr add_name }; allow mailman_mail_t mailman_archive_t:file { setattr read create write getattr link unlink append }; allow mailman_mail_t mailman_archive_t:lnk_file create; Version-Release number of selected component (if applicable): mailman-2.1.9-4.el5 selinux-policy-2.4.6-137.1.el5 How reproducible: Always Steps to Reproduce: 1. Configure mailman according to /usr/share/doc/mailman-2.1.9/INSTALL.REDHAT 2. Send message 3. Check audit.log
Fixed in U3 policy selinux-policy-2.4.6-203.el5.src.rpm Preview available on http://people.redhat.com/dwalsh/SELinux/RHEL5