crond/mailman, .... Rawhide issues....[FIX?]
Russell Coker
russell at coker.com.au
Sat Aug 14 07:52:50 UTC 2004
On Sat, 14 Aug 2004 03:59, "t l" <concert at europe.com> wrote:
> These changes seem to make crond/mailman happy:
>
> allow system_crond_t mailman_lock_t:dir rw_dir_perms;
> allow system_crond_t mailman_lock_t:file create_file_perms;
> allow system_crond_t mailman_log_t:file { append read };
The problem with this is that it removes the entire point of having a policy
for mailman.
> Subject: Cron <mailman fedora> /usr/bin/python -S /var/mailman/cron/gate_news
Above is the real problem. /usr/bin/python is run instead
of /var/mailman/cron/gate_news.
I presume that python is specified on the command-line to give the -S option.
From the python man page:
       -S     Disable the import of the module site and the site-dependent
              manipulations of sys.path that it entails.
If we make the first line of each python script be:
#!/usr/bin/python -S
Then the "/usr/bin/python -S" part can be removed and a domain_auto_trans()
rule will take place and run things in the right domain.
Also the mailman.fc file was missing some things. I've attached a revised
version (untested) which should work better.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
-------------- next part --------------
# mailman list server
/var/log/mailman(/.*)? system_u:object_r:mailman_log_t
ifdef(`debian', `
/usr/lib/cgi-bin/mailman/.* -- system_u:object_r:mailman_cgi_exec_t
/usr/lib/mailman/cron/.* -- system_u:object_r:mailman_queue_exec_t
/usr/lib/mailman/mail/wrapper -- system_u:object_r:mailman_mail_exec_t
/usr/mailman/mail/wrapper -- system_u:object_r:mailman_mail_exec_t
/var/lib/mailman(/.*)? system_u:object_r:mailman_data_t
/var/lib/mailman/archives(/.*)? system_u:object_r:mailman_archive_t
/etc/cron\.daily/mailman -- system_u:object_r:mailman_queue_exec_t
/etc/cron\.monthly/mailman -- system_u:object_r:mailman_queue_exec_t
')
ifdef(`redhat', `
/var/mailman/cgi-bin/.* -- system_u:object_r:mailman_cgi_exec_t
/var/mailman/data(/.*)? system_u:object_r:mailman_data_t
/var/mailman/locks(/.*)? system_u:object_r:mailman_lock_t
/var/mailman/cron -d system_u:object_r:bin_t
/var/mailman/cron/.+ -- system_u:object_r:mailman_queue_exec_t
/var/mailman/archives(/.*)? system_u:object_r:mailman_archive_t
/var/mailman/scripts/mailman -- system_u:object_r:mailman_mail_exec_t
/var/mailman/bin/qrunner -- system_u:object_r:mailman_queue_exec_t
/var/mailman/cgi-bin/.* -- system_u:object_r:mailman_cgi_exec_t
/var/mailman/mail/mailman -- system_u:object_r:mailman_mail_exec_t
')
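
Added example, not part of the original post or its attachment: a small audit of /etc/cron.d style entries that finds commands naming the interpreter first (so the script's mailman_queue_exec_t label is never the file executed) and prints the "#!" line and crontab entry the message proposes instead. The INTERPRETERS set, the function names and the sample crontab lines are assumptions constructed for illustration.

```python
import shlex

# Assumption: interpreters that cron entries may name ahead of the script.
INTERPRETERS = {"/usr/bin/python"}

def audit_cron_line(line, first_lines):
    """Flag a system crontab line that runs an interpreter instead of the script.

    first_lines maps script path -> first line of that file (stands in for
    reading the files, so the example runs offline). Returns a dict or None.
    """
    fields = line.split(None, 6)  # five time fields, user, command
    if line.lstrip().startswith("#") or len(fields) < 7:
        return None
    argv = shlex.split(fields[6])
    if argv[0] not in INTERPRETERS:
        return None  # script is executed directly, so its own label is used
    i = 1
    while i < len(argv) and argv[i].startswith("-"):
        i += 1  # skip interpreter options such as -S
    if i == len(argv):
        return None  # no script on the command line
    opts, script, script_args = argv[1:i], argv[i], argv[i + 1:]
    shebang = "#!" + " ".join([argv[0]] + opts)
    command = " ".join(shlex.quote(a) for a in [script] + script_args)
    return {
        "script": script,
        "needed_shebang": shebang,
        "script_has_shebang": first_lines.get(script, "").strip() == shebang,
        # Linux hands everything after the interpreter path to it as ONE
        # argument, so more than one option cannot simply move into "#!".
        "shebang_portable": len(opts) <= 1,
        "fixed_line": " ".join(fields[:6] + [command]),
    }

def audit_crontab(text, first_lines):
    findings = (audit_cron_line(l, first_lines) for l in text.splitlines())
    return [f for f in findings if f]

# Constructed sample input in /etc/cron.d format (not taken from a real system).
SAMPLE_CRONTAB = """\
0,5,10 * * * * mailman /usr/bin/python -S /var/mailman/cron/gate_news
0 8 * * * mailman /var/mailman/cron/checkdbs
"""
SAMPLE_FIRST_LINES = {"/var/mailman/cron/gate_news": "#!/usr/bin/python"}

if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB, SAMPLE_FIRST_LINES):
        print(f)
```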