mailman doesn't receive messages from sendmail on fresh F8 install
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 19 22:03:34 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Edward Kuns wrote:
> On Tue, 2008-02-19 at 14:00 -0500, Daniel J Walsh wrote:
>> if you
>>
>> chcon -t mailman_mail_exec_t /usr/lib/mailman/mail/mailman
>>
>> Does it work?
>
> Yes, I assume so, as there is no output complaining that it failed, and:
>
> # ls -lZ /usr/lib/mailman/mail/mailman
> -rwxr-sr-x root mailman
> system_u:object_r:mailman_mail_exec_t:s0 /usr/lib/mailman/mail/mailman
>
>> Ok could you run
>>
>> # grep mailman /var/log/audit/audit.log | audit2allow -M mymailman
>> # semodule -i mymailman.pp
>
> Thanks. This appears to have fixed the problem. I have not
> exhaustively tested, but everything appears to be working now. I see
> that there is a mymailman.te file created as a result of the above.
> This file contains the text:
>
>
> module mymailman 1.0;
>
> require {
> type sendmail_t;
> type mailman_log_t;
> type mailman_data_t;
> class dir { write remove_name search add_name };
> class file { write rename getattr read create append };
> }
>
> #============= sendmail_t ==============
> allow sendmail_t mailman_data_t:dir { write remove_name add_name };
> allow sendmail_t mailman_data_t:file { write rename getattr create };
> allow sendmail_t mailman_log_t:dir search;
> allow sendmail_t mailman_log_t:file { read getattr append };
>
>
> Am I the first to try to get mailman and sendmail working together under
> selinux with Fedora? Either way, something resembling the above should
> probably become a default policy, as, if I'm the first I won't be the
> last! What can I do to help refine the above into a genuine and
> genuinely useful policy?
>
> I am clearly still learning about selinux!
>
> Thanks,
>
> Eddie
>
Check to see if the relabel worked without the module
# semodule -r mymailman
Now try it again. This should work without AVC messages
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAke7UjYACgkQrlYvE4MpobPabwCeMBF9Sc1d98dVL9+W3rFmWshw
CA8AnisU+qObDiR5js/iFjkBN2khZvV1
=o13c
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list