Description of problem: Running Fedora-10, I installed mailman, performed a minimal configuration, and then when I tried to run it I got an SELinux violation. In particular, mailmanctl (mailman_mail_t) could not write to "./Mailman" (lib_t). And indeed, ls -lZ /usr/lib/mailman/Mailman gives: system_u:object_r:lib_t:s0 Version-Release number of selected component (if applicable): mailman-2.1.11-3.fc10.i386 selinux-policy-targeted-3.5.13-40.fc10.noarch How reproducible: Seems to be 100% Steps to Reproduce: 1. yum install mailman 2. /etc/init.d/mailman start 3. watch the audit logs Actual results: Mailman seems to fail. Expected results: Mailman should work. Additional info:
Actually, I think the problem is that I modified /usr/lib/mailman/Mailman/mm_cfg.py as per the mailman instructions to contain my local configuration and this failure is that mailman cannot WRITE to the directory to write out the new compiled pyc file.
The problem here is python is trying to write optimized code. You can just execute python /usr/lib/mailman/Mailman/mm_cfg.py And that should write the code and then mailman will no longer try to write the code.
The real problem here is the cfg file being python.
Unfortunately running: python /usr/lib/mailman/Mailman/mm_cfg.py did not write out a python /usr/lib/mailman/Mailman/mm_cfg.pyc or python /usr/lib/mailman/Mailman/mm_cfg.pyo Yes, it would be nicer if the cfg file wasn't python, but that's a different issue.
Aha, but this worked: python -c 'import py_compile; py_compile.compile("/usr/lib/mailman/Mailman/mm_cfg.py")'
OK, I created a script "mailman-update-cfg" with the contents of Comment #5 and left a note in "mm_cfg.py", that if you use SELinux, you have to run this script as root after you change the file