mailman doesn't receive messages from sendmail on fresh F8 install

Daniel J Walsh dwalsh at redhat.com
Tue Feb 19 22:03:34 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Edward Kuns wrote:
> On Tue, 2008-02-19 at 14:00 -0500, Daniel J Walsh wrote:
>> if you
>>
>> chcon -t mailman_mail_exec_t /usr/lib/mailman/mail/mailman
>>
>> Does it work?
> 
> Yes, I assume so, as there is no output complaining that it failed, and:
> 
> # ls -lZ /usr/lib/mailman/mail/mailman
> -rwxr-sr-x  root mailman
> system_u:object_r:mailman_mail_exec_t:s0 /usr/lib/mailman/mail/mailman
> 
>> Ok could you run
>>
>> # grep mailman /var/log/audit/audit.log | audit2allow -M mymailman
>> # semodule -i mymailman.pp
> 
> Thanks.  This appears to have fixed the problem.  I have not
> exhaustively tested, but everything appears to be working now.  I see
> that there is a mymailman.te file created as a result of the above.
> This file contains the text:
> 
> 
> module mymailman 1.0;
> 
> require {
> 	type sendmail_t;
> 	type mailman_log_t;
> 	type mailman_data_t;
> 	class dir { write remove_name search add_name };
> 	class file { write rename getattr read create append };
> }
> 
> #============= sendmail_t ==============
> allow sendmail_t mailman_data_t:dir { write remove_name add_name };
> allow sendmail_t mailman_data_t:file { write rename getattr create };
> allow sendmail_t mailman_log_t:dir search;
> allow sendmail_t mailman_log_t:file { read getattr append };
> 
> 
> Am I the first to try to get mailman and sendmail working together under
> selinux with Fedora?  Either way, something resembling the above should
> probably become a default policy, as, if I'm the first I won't be the
> last!    What can I do to help refine the above into a genuine and
> genuinely useful policy?
> 
> I am clearly still learning about selinux!
> 
> 	Thanks,
> 
> 	Eddie
> 
Check to see if the relabel worked without the module

# semodule -r mymailman

Now try it again.  This should work without AVC messages





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAke7UjYACgkQrlYvE4MpobPabwCeMBF9Sc1d98dVL9+W3rFmWshw
CA8AnisU+qObDiR5js/iFjkBN2khZvV1
=o13c
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list