Mailman/Postfix execute_no_trans denial
Todd Zullinger
tmz at pobox.com
Sun May 21 20:58:17 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I installed an FC5 system a few days ago and was testing mailman with
postfix. I've run into a problem when trying to send messages to any
I've created. SELinux is running in Enforcing mode. Setting it to
permissive allows list posts to go through.
Here's the avc denial I get:
audit(1148242843.454:41): avc: denied { execute_no_trans } for pid=27763 comm="local" name="mailman" dev=sda2 ino=163878 scontext=user_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
I read a thread from a month or so back where another fellow was using
mailman and postfix, but he was using the postfix-to-mailman-2.1.py
script for integration.
I am using mailman's builtin postfix integration by specifying
MTA='Postfix' in /etc/mailman/mm_cfg.py. This lets mailman create the
proper list aliases automatically on list creation. In
/etc/postfix/main.cf, hash:/etc/mailman/aliases is added to the
alias_maps parameter.
I'm not very familiar with selinux, so I'm unsure whether this is a
problem requiring a change in file context(s), a policy tweak, or
both. Could someone tap me in the right direction with the cluestick?
$ rpm -qa mailman postfix selinux-policy\*
selinux-policy-targeted-2.2.38-1.fc5
selinux-policy-2.2.38-1.fc5
postfix-2.2.8-1.2
mailman-2.1.7-1.2
Thanks,
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Honesty is the best policy, but insanity is a better defense.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iGwEARECAC0FAkRw1GkmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt
ei5hc2MACgkQuv+09NZUB1qDmgCY9oSS1Uj/9dj6yMEftzCljdLZOACfcX1SDI5E
dhxBfD88LYbgA4vEX2A=
=/+Fu
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list