mailman not confined
Daniel J Walsh
dwalsh at redhat.com
Fri Mar 28 20:31:44 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chad Sellers wrote:
> On 3/28/08 2:08 AM, "Daniel J Walsh" <dwalsh at redhat.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Chad Sellers wrote:
>>> On F8 (as well as RHEL5 from the looks of things), it seems that mailman is
>>> not actually confined. The policy for it is compiled into the base module,
>>> but the transition never happens. So, mailmanctl and qrunner run in
>>> initrc_t. This looks like it is due to the fact that the default init script
>>> for mailman calls "/usr/bin/python /usr/lib/mailman/bin/mailmanctl" and
>>> "/usr/bin/python /usr/lib/mailman/bin/qrunner" rather than executing the
>>> scripts directly. The simple fix is to remove python from the init script.
>>> Anyone else noticing this problem? Any other ideas for a fix?
>>>
>>> Thanks,
>>> Chad Sellers
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>> Please open a bugzilla on it.
>>
>> Looks like it is correct in rawhide
>>
>>
>> grep MAILMANCTL mailman
>> MAILMANCTL=$MAILMANHOME/bin/mailmanctl
>> daemon $MAILMANCTL -s -q start
>> daemon $MAILMANCTL -q stop
>> $MAILMANCTL -q -u status
>> $MAILMANCTL -u status
>
> Hmmm, guess I should have checked bugzilla first. Looks like there's already
> a resolved bug (#350461) for this, which is why it's resolved in rawhide. I
> don't suppose this will get backported to RHEL5 in an update?
>
> Thanks,
> Chad
>
A customer Bugzilla is required to get it backported. So open a
bugzilla and ask.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkftVbAACgkQrlYvE4MpobP+uQCg2nsDEnpKzZmqSPxV5cBpJ8Aa
A1cAnAige1IaYU9zfSemRkR+QBPv/xBq
=m1xk
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list