Description of problem:
When a mailman list is created in the web interface I get the error:

Bug in Mailman version 2.1.14
We're sorry, we hit a bug!

The list is "half created": it appears in mailman and it can be administered, but the mails are not sent to list users; they are silently dropped in a black hole.
Disabling selinux is a workaround.

Version-Release number of selected component (if applicable):
Mailman 2.1.14
selinux last update (19/august/2012)

How reproducible:
always

Steps to Reproduce:
1. install mailman and postfix (see installing mailman with postfix in additional info for detail)
2. create a list in mailman web interface

Expected results:
creating a list must work

Additional info:
The bug is related to the permission, as shown in logs:
RuntimeError: command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)
This is a selinux mess: setenforce 0 is a workaround.

--- permissions ---
ll -Z /usr/sbin/postalias
-rwxr-xr-x. root root system_u:object_r:postfix_master_exec_t:s0 /usr/sbin/postalias
ll -Z /etc/mailman/aliases
-rw-rw----. root mailman system_u:object_r:mailman_data_t:s0 /etc/mailman/aliases

--- installing mailman with postfix ---
PASSWD=xxxx
yum -y install mailman postfix
chkconfig mailman on
service mailman restart
mailman-update-cfg
/usr/lib/mailman/bin/mmsitepass $PASSWD
nano /usr/lib/mailman/Mailman/mm_cfg.py
#ADD (at the end of file) : MTA = 'Postfix'
#ADD (at the end of file) : OWNERS_CAN_DELETE_THEIR_OWN_LISTS = 'yes'
/usr/lib/mailman/bin/genaliases
chmod g+w /etc/mailman/aliases*
nano /etc/postfix/main.cf
#APPEND (at the end of line : alias_maps=xxx) ,hash:/etc/mailman/aliases
newaliases
postfix reload
service postfix restart
service mailman restart
nano /etc/httpd/conf.d/mailman.conf
#EDIT last line for redirection
service httpd restart
firefox https://somewhere.com/mailman/create

--- cat /var/log/mailman/error ---
Aug 19 12:56:48 2012 (1209) command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)
Aug 19 12:56:48 2012 admin(1209): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(1209): [----- Mailman Version: 2.1.14 -----]
admin(1209): [----- Traceback ------]
admin(1209): Traceback (most recent call last):
admin(1209):   File "/usr/lib/mailman/scripts/driver", line 112, in run_main
admin(1209):     main()
admin(1209):   File "/usr/lib/mailman/Mailman/Cgi/create.py", line 56, in main
admin(1209):     process_request(doc, cgidata)
admin(1209):   File "/usr/lib/mailman/Mailman/Cgi/create.py", line 239, in process_request
admin(1209):     sys.modules[modname].create(mlist, cgi=1)
admin(1209):   File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 238, in create
admin(1209):     _update_maps()
admin(1209):   File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 53, in _update_maps
admin(1209):     raise RuntimeError, msg % (acmd, status, errstr)
admin(1209): RuntimeError: command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)
admin(1209): [----- Python Information -----]
admin(1209): sys.version = 2.7.3 (default, Jul 24 2012, 10:05:38) [GCC 4.7.0 20120507 (Red Hat 4.7.0-5)]
admin(1209): sys.executable = /usr/bin/python
admin(1209): sys.prefix = /usr
admin(1209): sys.exec_prefix = /usr
admin(1209): sys.path = ['/usr/lib/mailman/pythonlib', '/usr/lib/mailman', '/usr/lib/mailman/scripts', '/usr/lib/mailman', '/usr/lib64/python27.zip', '/usr/lib64/python2.7/', '/usr/lib64/python2.7/plat-linux2', '/usr/lib64/python2.7/lib-tk', '/usr/lib64/python2.7/lib-old', '/usr/lib64/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages']
admin(1209): sys.platform = linux2
admin(1209): [----- Environment Variables -----]
admin(1209): SERVER_SOFTWARE: Apache/2.2.22 (Fedora)
admin(1209): SCRIPT_NAME: /mailman/create
admin(1209): SERVER_SIGNATURE: <address>Apache/2.2.22 (Fedora) Server at tentacule.be Port 443</address>
admin(1209):
admin(1209): REQUEST_METHOD: POST
admin(1209): SERVER_PROTOCOL: HTTP/1.1
admin(1209): QUERY_STRING:
admin(1209): SSL_TLS_SNI: tentacule.be
admin(1209): CONTENT_LENGTH: 133
admin(1209): HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
admin(1209): HTTP_CONNECTION: keep-alive
admin(1209): HTTP_REFERER: https://tentacule.be/mailman/create
admin(1209): SERVER_NAME: tentacule.be
admin(1209): REMOTE_ADDR: 192.168.0.250
admin(1209): SERVER_PORT: 443
admin(1209): SERVER_ADDR: 192.168.0.1
admin(1209): DOCUMENT_ROOT: /var/www/html
admin(1209): PYTHONPATH: /usr/lib/mailman
admin(1209): SCRIPT_FILENAME: /usr/lib/mailman/cgi-bin/create
admin(1209): SERVER_ADMIN: root@localhost
admin(1209): HTTP_DNT: 1
admin(1209): HTTP_HOST: tentacule.be
admin(1209): HTTPS: on
admin(1209): REQUEST_URI: /mailman/create
admin(1209): HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
admin(1209): PERL5LIB: /usr/share/awstats/lib:/usr/share/awstats/plugins
admin(1209): GATEWAY_INTERFACE: CGI/1.1
admin(1209): REMOTE_PORT: 39861
admin(1209): HTTP_ACCEPT_LANGUAGE: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
admin(1209): CONTENT_TYPE: application/x-www-form-urlencoded
admin(1209): HTTP_ACCEPT_ENCODING: gzip, deflate
[root@tentacule ~]# ^C

Thank you, I'm able to reproduce it. This is the relevant AVC from the selinux log:

type=AVC msg=audit(1345459913.882:111): avc: denied { search } for pid=7852 comm="postalias" name="postfix" dev="dm-1" ino=177968 scontext=system_u:system_r:mailman_cgi_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir

I think a new rule should be created in selinux-policy to allow this behaviour. Changing component to selinux-policy.

If you create a new list with Mailman configured with Postfix, the "/usr/sbin/postalias" and "/usr/sbin/postmap" scripts are all called by mailman.
Added.
selinux-policy-3.10.0-149.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-149.fc17
Package selinux-policy-3.10.0-149.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-149.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-14301/selinux-policy-3.10.0-149.fc17
then log in and leave karma (feedback).
selinux-policy-3.10.0-149.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Works for me, thank you very much!