Red Hat Bugzilla – Bug 484328
Policy prevents mailman from reading Mailman python files
Last modified: 2009-02-12 09:44:51 EST
Description of problem:
Running Fedora-10, I installed mailman, performed a minimal configuration, and then when I tried to run it I got an SELinux violation. In particular, mailmanctl (mailman_mail_t) could not write to "./Mailman" (lib_t). And indeed, ls -lZ /usr/lib/mailman/Mailman gives:
Version-Release number of selected component (if applicable):
Seems to be 100%
Steps to Reproduce:
1. yum install mailman
2. /etc/init.d/mailman start
3. watch the audit logs
Mailman seems to fail.
Mailman should work.
Actually, I think the problem is that I modified /usr/lib/mailman/Mailman/mm_cfg.py as per the mailman instructions to contain my local configuration and this failure is that mailman cannot WRITE to the directory to write out the new compiled pyc file.
The problem here is python is trying to write optimized code.
You can just execute
And that should write the code and then mailman will no longer try to write the code.
The real problem here is the cfg file being python.
did not write out a python /usr/lib/mailman/Mailman/mm_cfg.pyc or python /usr/lib/mailman/Mailman/mm_cfg.pyo
Yes, it would be nicer if the cfg file wasn't python, but that's a different issue.
Aha, but this worked:
python -c 'import py_compile; py_compile.compile("/usr/lib/mailman/Mailman/mm_cfg.py")'
OK, I created a script "mailman-update-cfg" with the contents of Comment #5 and left a note in "mm_cfg.py", that if you use SELinux, you have to run this script as root after you change the file