Mailman/Postfix execute_no_trans denial
Todd Zullinger
tmz at pobox.com
Mon May 22 20:54:32 UTC 2006
Paul Howarth wrote:
> On Sun, 2006-05-21 at 16:58 -0400, Todd Zullinger wrote:
[...]
>> Here's the avc denial I get:
>>
>> audit(1148242843.454:41): avc: denied { execute_no_trans } for pid=27763 comm="local" name="mailman" dev=sda2 ino=163878 scontext=user_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
>>
>> I read a thread from a month or so back where another fellow was using
>> mailman and postfix, but he was using the postfix-to-mailman-2.1.py
>> script for integration.
>
> This looks similar to issues I had running scripts from procmail. I
> wonder if the script you're running here should be bin_t rather than
> lib_t?
I supposed it might help if I posted the error from postfix. :)
May 21 15:28:35 localhost postfix/pickup[26079]: 8DBFC28076: uid=500 from=<tmz>
May 21 15:28:35 localhost postfix/cleanup[26290]: 8DBFC28076: message-id=<20060521192835.8DBFC28076 at localhost.localdomain>
May 21 15:28:35 localhost postfix/qmgr[26080]: 8DBFC28076: from=<tmz at localhost.localdomain>, size=325, nrcpt=1 (queue active)
May 21 15:28:35 localhost local[26399]: fatal: execvp /usr/lib/mailman/mail/mailman: Permission denied
May 21 15:28:36 localhost postfix/local[26291]: 8DBFC28076: to=<pgp-test at localhost.localdomain>, orig_to=<pgp-test>, relay=local, delay=1, status=bounced (Command died with status 1: "/usr/lib/mailman/mail/mailman post pgp-test")
Does this still seem similar to the procmail issue you were seeing,
Paul? I know that postfix tries to execute commands run via aliases
as the user which owns the alias file and I am guessing that's what's
causing the problem here.
Would changing /usr/lib/mailman/mail/mailman from lib_t to bin_t
negatively affect those using mailman with Sendmail as their MTA?
When I get a moment I'll boot to FC5 and try changing the context to
see what happens.
Thanks for the response.
--
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
The income tax created more criminals than any other single act of
government.
-- Sen. Barry M. Goldwater, 1989
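Added example, not part of the message above or of the list archive: a small Python parser for the AVC denial quoted in the thread, which pulls out the denied permission, the source domain and the target file type, and writes them in the `allow source target:class perm;` form used in SELinux policy so the denial is easier to read. The function names are hypothetical; the sample line is the one posted above.

```python
import re

# The denial exactly as quoted in the message above.
AVC_LINE = (
    'audit(1148242843.454:41): avc: denied { execute_no_trans } for pid=27763 '
    'comm="local" name="mailman" dev=sda2 ino=163878 '
    'scontext=user_u:system_r:postfix_local_t:s0 '
    'tcontext=system_u:object_r:lib_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    d = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if any(k not in d for k in ('scontext', 'tcontext', 'tclass')):
        return None
    d['perms'] = m.group('perms').split()
    # A context is user:role:type[:mls-range]; the type is the third field,
    # even when the MLS range itself contains colons (s0:c0.c1023).
    for ctx, out in (('scontext', 'source_type'), ('tcontext', 'target_type')):
        parts = d[ctx].split(':')
        if len(parts) < 3:
            return None
        d[out] = parts[2]
    return d


def allow_rule(d):
    """Write the denied access in policy-rule form, for reading the denial."""
    perms = d['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        d['source_type'], d['target_type'], d['tclass'], perm_text)


if __name__ == '__main__':
    d = parse_avc(AVC_LINE)
    # execute_no_trans: the process tried to run the file in its own domain,
    # without transitioning to another domain.
    print('{} (pid {}) in {} denied {} on "{}" labelled {}'.format(
        d['comm'], d['pid'], d['source_type'], ' '.join(d['perms']),
        d['name'], d['target_type']))
    print(allow_rule(d))
```

The rule form only restates what was denied; the thread's proposed approach is to relabel the file rather than grant this access.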