This one's weird, because I could have sworn it was working on F17, but all of a sudden, on my system with unconfined disabled, exim can't do any mailman things. See many AVCs at http://paste.fedoraproject.org/32211/52828213/raw/
This:
    sudo chcon -R -t mailman_mail_exec_t /usr/lib/mailman/bin
seems to fix the problem entirely, although I'm still waiting to see if that's actually true.
-Robin
No, that doesn't do it either; so far, even with that chcon (they were bin_t before, and restorecon puts them back to bin_t), audit2allow wants me to do the following, so far:
    allow exim_t mailman_data_t:file { write rename create };
    allow exim_t mailman_log_t:file { read open };
    mailman_manage_data_files(exim_t)
    allow mailman_cgi_t httpd_t:tcp_socket { read write };
Like I said, this was all working; something weird happened, I think.
-Robin
Robin, please send us the raw AVC data.
I did, that's the link in my first post. Here's another one: http://paste.fedoraproject.org/32446/37660633/raw/ That's everything in the last 24 hours or so that matches AVC and "mailman" in the audit log. For most of that time it was in permissive mode. -Robin
Ok I added fixes for exim, but this one seems a little strange.
    type=AVC msg=audit(08/15/2013 08:00:05.856:139507) : avc: denied { write } for pid=25173 comm=checkdbs name=data dev="vdb1" ino=21 scontext=system_u:system_r:mailman_queue_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
Do you know where the data directory is?
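An added example, not part of the original thread: a small triage script that groups AVC denials into audit2allow-style rules and marks denials whose target carries a generic type such as var_t, as in the denial quoted above, so they are checked for a labeling problem before any allow rule is written. The GENERIC_TYPES list, the hint strings and all sample lines except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Generic labels: a denial against one of these usually means the file never
# got its intended label. (Short illustrative list, an assumption.)
GENERIC_TYPES = {"var_t", "bin_t", "usr_t", "etc_t", "default_t", "unlabeled_t"}
RELABEL = "check labels first (semanage fcontext / restorecon)"
POLICY = "candidate policy rule"

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# First line is the denial quoted in the thread; the others are constructed.
SAMPLE = [
    'type=AVC msg=audit(08/15/2013 08:00:05.856:139507) : avc: denied { write } for pid=25173 comm=checkdbs name=data dev="vdb1" ino=21 scontext=system_u:system_r:mailman_queue_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir',
    'type=AVC msg=audit(1.001:1): avc:  denied  { write } for  pid=100 comm="exim" name="example" scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:mailman_data_t:s0 tclass=file',
    'type=AVC msg=audit(1.002:2): avc:  denied  { rename create } for  pid=100 comm="exim" name="example" scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:mailman_data_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1.002:2): arch=c000003e syscall=82 success=no',
]

def type_of(context):
    """Return the type field of a user:role:type:level[:categories] context."""
    return context.split(":")[2]

def summarize(lines):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial record
        key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return rules

def report(lines):
    """Return sorted (allow rule, hint) pairs; generic targets get RELABEL."""
    out = []
    for (src, tgt, cls), perms in sorted(summarize(lines).items()):
        rule = "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        out.append((rule, RELABEL if tgt in GENERIC_TYPES else POLICY))
    return out

if __name__ == "__main__":
    for rule, hint in report(SAMPLE):
        print("%-60s # %s" % (rule, hint))
```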
fd70013686ddf347ea89ebeae7e43e6fba83dd55 fixes the other problems in git.
That's /srv/mailman/data; my own thing, obviously, but I've done fcontext tweaks:
    rlpowell@stodi> sudo ls -dlZ /srv
    drwxr-xr-x. root root system_u:object_r:var_t:s0 /srv
    rlpowell@stodi> sudo ls -dlZ /srv/mailman
    drwxrwsr-x. root mailman system_u:object_r:mailman_data_t:s0 /srv/mailman
    rlpowell@stodi> sudo ls -dlZ /srv/mailman/data
    drwxrwsr-x. root mailman system_u:object_r:mailman_data_t:s0 /srv/mailman/data
    rlpowell@stodi> sudo semanage fcontext -l | grep /srv/mailm
    /srv/mailman(/.*)? all files system_u:object_r:mailman_data_t:s0
    /srv/mailman/archives(/.*)? all files system_u:object_r:mailman_archive_t:s0
-Robin
How do I access the git so I can put up a local version of your changes? I've been running with setenforce 0 -_- -Robin
Miroslav should be doing a new build on Monday; he is back from vacation. Then you can get it from Koji or wait for updates-testing.
selinux-policy-3.12.1-71.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-71.fc19
Package selinux-policy-3.12.1-71.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
    # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-71.fc19'
as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-15088/selinux-policy-3.12.1-71.fc19 then log in and leave karma (feedback).
Much better! Thank you!
selinux-policy-3.12.1-71.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.