Bug 484328 - Policy prevents mailman from reading Mailman python files
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: mailman
Version: 10
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Daniel Novotny
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-02-05 22:41 EST by Derek Atkins
Modified: 2009-02-12 09:44 EST
Doc Type: Bug Fix
Last Closed: 2009-02-12 09:44:51 EST
Description Derek Atkins 2009-02-05 22:41:11 EST
Description of problem:

Running Fedora-10, I installed mailman, performed a minimal configuration, and then when I tried to run it I got an SELinux violation.  In particular, mailmanctl (mailman_mail_t) could not write to "./Mailman" (lib_t).  And indeed, ls -lZ /usr/lib/mailman/Mailman gives:

   system_u:object_r:lib_t:s0


Version-Release number of selected component (if applicable):

mailman-2.1.11-3.fc10.i386
selinux-policy-targeted-3.5.13-40.fc10.noarch

How reproducible:

Seems to be 100%

Steps to Reproduce:
1. yum install mailman
2. /etc/init.d/mailman start
3. watch the audit logs
  
Actual results:

Mailman seems to fail.

Expected results:

Mailman should work.

Additional info:
Comment 1 Derek Atkins 2009-02-05 22:45:21 EST
Actually, I think the problem is that I modified /usr/lib/mailman/Mailman/mm_cfg.py as per the mailman instructions to contain my local configuration and this failure is that mailman cannot WRITE to the directory to write out the new compiled pyc file.
Comment 2 Daniel Walsh 2009-02-06 13:47:49 EST
The problem here is python is trying to write optimized code.

You can just execute 

python /usr/lib/mailman/Mailman/mm_cfg.py 

And that should write the code and then mailman will no longer try to write the code.
Comment 3 Daniel Walsh 2009-02-06 13:51:52 EST
The real problem here is the cfg file being python.
Comment 4 Derek Atkins 2009-02-06 14:22:32 EST
Unfortunately running:

python /usr/lib/mailman/Mailman/mm_cfg.py 

did not write out a python /usr/lib/mailman/Mailman/mm_cfg.pyc or python /usr/lib/mailman/Mailman/mm_cfg.pyo

Yes, it would be nicer if the cfg file wasn't python, but that's a different issue.
Comment 5 Derek Atkins 2009-02-06 14:43:48 EST
Aha, but this worked:

python -c 'import py_compile; py_compile.compile("/usr/lib/mailman/Mailman/mm_cfg.py")'
Comment 6 Daniel Novotny 2009-02-12 09:44:51 EST
OK, I created a script "mailman-update-cfg" with the contents of Comment #5 and left a note in "mm_cfg.py" that, if you use SELinux, you have to run this script as root after you change the file.
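
The behaviour seen in Comments 4 and 5, as an added example that is not part of the original bug report or the mailman package: running a file as a script does not cache its bytecode, `py_compile` does, and a later edit makes the cache stale again, which is when a confined daemon would once more try to write into the `lib_t` directory. It assumes Python 3 (bytecode under `__pycache__`, 16-byte timestamp `.pyc` header) rather than the Python 2 shipped in Fedora 10; the temporary `mm_cfg.py` and its settings are constructed stand-ins.

```python
import importlib.util
import os
import py_compile
import struct
import subprocess
import sys
import tempfile


def bytecode_is_current(source):
    """True if a timestamp-validated .pyc exists for source and still matches it."""
    pyc = importlib.util.cache_from_source(source)
    if not os.path.isfile(pyc):
        return False
    with open(pyc, "rb") as fh:
        header = fh.read(16)  # magic, flags, source mtime, source size
    if len(header) < 16 or header[:4] != importlib.util.MAGIC_NUMBER:
        return False
    flags, mtime, size = struct.unpack("<III", header[4:])
    if flags & 0x1:  # hash-based .pyc; this sketch only handles timestamp ones
        return False
    st = os.stat(source)
    return (mtime, size) == (int(st.st_mtime) & 0xFFFFFFFF, st.st_size & 0xFFFFFFFF)


def precompile(source):
    """The step an administrator runs as root after editing the file."""
    mode = py_compile.PycInvalidationMode.TIMESTAMP
    return py_compile.compile(source, doraise=True, invalidation_mode=mode)


def demo():
    state = {}
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "mm_cfg.py")  # constructed stand-in
        with open(cfg, "w") as fh:
            fh.write("DEFAULT_URL_HOST = 'lists.example.org'\n")
        subprocess.run([sys.executable, cfg], check=True)  # as in Comment 4
        state["after_run_as_script"] = bytecode_is_current(cfg)
        precompile(cfg)  # as in Comment 5
        state["after_py_compile"] = bytecode_is_current(cfg)
        with open(cfg, "a") as fh:  # a later configuration change
            fh.write("DEFAULT_EMAIL_HOST = 'lists.example.org'\n")
        state["after_edit"] = bytecode_is_current(cfg)
    return state


if __name__ == "__main__":
    print(demo())
```

A `False` from `bytecode_is_current` on the real configuration file is the condition under which the note left in `mm_cfg.py` applies: recompile as root rather than granting the daemon write access to the library directory.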
