Re: Mailman/Postfix execute_no_trans denial


I wrote:
> When I get a moment I'll boot to FC5 and try changing the context to
> see what happens.

Changing the context on /usr/lib/mailman/mail/mailman from lib_t to
bin_t does get things further, and on to the next set of denials.

The avc messages:

May 22 20:06:36 localhost kernel: audit(1148342796.414:35): avc:  denied  { create } for  pid=9382 comm="python" scontext=user_u:system_r:postfix_local_t:s0 tcontext=user_u:system_r:postfix_local_t:s0 tclass=netlink_route_socket
May 22 20:06:36 localhost kernel: audit(1148342796.578:36): avc:  denied  { search } for  pid=9382 comm="python" name="log" dev=sda2 ino=489147 scontext=user_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
May 22 20:06:36 localhost kernel: audit(1148342796.582:37): avc:  denied  { write } for  pid=9382 comm="python" name="in" dev=sda2 ino=491751 scontext=user_u:system_r:postfix_local_t:s0 tcontext=user_u:object_r:mailman_data_t:s0 tclass=dir

The postfix messages:

May 22 20:06:36 localhost postfix/pickup[9212]: 4CD6513687C: uid=500 from=<tmz>
May 22 20:06:36 localhost postfix/cleanup[9379]: 4CD6513687C: message-id=<20060523000636 GE9258 localhost localdomain>
May 22 20:06:36 localhost postfix/qmgr[9213]: 4CD6513687C: from=<tmz localhost localdomain>, size=463, nrcpt=1 (queue active)
May 22 20:06:36 localhost postfix/local[9381]: 4CD6513687C: to=<pgp-test localhost localdomain>, relay=local, delay=0, status=bounced (Command died with status 1: "/usr/lib/mailman/mail/mailman post pgp-test". Command output: Traceback (most recent call last):   File "/usr/lib/mailman/scripts/post", line 69, in ?     main()   File "/usr/lib/mailman/scripts/post", line 64, in main     tolist=1, _plaintext=1)   File "/usr/lib/mailman/Mailman/Queue/Switchboard.py", line 126, in enqueue     fp = open(tmpfile, 'w') IOError: [Errno 13] Permission denied: '/var/spool/mailman/in/1148342796.5827579+b203c4871f8a8269deaef98890980ed0bff9cedb.pck.tmp' )
May 22 20:06:36 localhost postfix/cleanup[9379]: 989B4136A2C: message-id=<20060523000636 989B4136A2C localhost localdomain>

I'm not sure whether it's worth trying to chase every denial down this
path or if there is a better fix that can be applied.

-- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
life, n.: A whim of several billion cells to be you for a while.
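
The three denials quoted in the message above, grouped by source type, target type and object class in the style of audit2allow output. This is an added example, not part of the original message; the function names are hypothetical and the log lines are the ones from the message with the syslog prefix trimmed.

```python
import re
from collections import defaultdict

# The three AVC lines quoted in the message (syslog timestamp/host prefix trimmed).
AVC_LOG = """\
audit(1148342796.414:35): avc:  denied  { create } for  pid=9382 comm="python" scontext=user_u:system_r:postfix_local_t:s0 tcontext=user_u:system_r:postfix_local_t:s0 tclass=netlink_route_socket
audit(1148342796.578:36): avc:  denied  { search } for  pid=9382 comm="python" name="log" dev=sda2 ino=489147 scontext=user_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
audit(1148342796.582:37): avc:  denied  { write } for  pid=9382 comm="python" name="in" dev=sda2 ino=491751 scontext=user_u:system_r:postfix_local_t:s0 tcontext=user_u:object_r:mailman_data_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))}
    if not all(k in rec for k in ("scontext", "tcontext", "tclass")):
        return None  # truncated or malformed record
    rec["perms"] = m.group(1).split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log):
    """Group denials by (source type, target type, class) and merge permissions."""
    grouped = defaultdict(set)
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec:
            grouped[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return grouped

def as_rules(grouped):
    """Render each group in type-enforcement syntax, for review rather than loading."""
    rules = []
    for (s, t, c), perms in sorted(grouped.items()):
        target = "self" if s == t else t
        plist = " ".join(sorted(perms))
        if len(perms) > 1:
            plist = "{ " + plist + " }"
        rules.append(f"allow {s} {target}:{c} {plist};")
    return rules

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(AVC_LOG))))
```

Every rule it prints has the source type postfix_local_t, which is the domain the log shows the python process running in; the output is a summary for deciding on a fix, not policy to load as-is.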



