mailman not confined

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chad Sellers wrote:
> On 3/28/08 2:08 AM, "Daniel J Walsh" <dwalsh at redhat.com> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Chad Sellers wrote:
>>> On F8 (as well as RHEL5 from the looks of things), it seems that mailman is
>>> not actually confined. The policy for it is compiled into the base module,
>>> but the transition never happens. So, mailmanctl and qrunner run in
>>> initrc_t. This looks like it is due to the fact that the default init script
>>> for mailman calls "/usr/bin/python /usr/lib/mailman/bin/mailmanctl" and
>>> "/usr/bin/python /usr/lib/mailman/bin/qrunner" rather than executing the
>>> scripts directly. The simple fix is to remove python from the init script.
>>> Anyone else noticing this problem? Any other ideas for a fix?
>>>
>>> Thanks,
>>> Chad Sellers
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>> Please open a bugzilla on it.
>>
>> Looks like it is correct in rawhide
>>
>>
>>  grep MAILMANCTL mailman
>> MAILMANCTL=$MAILMANHOME/bin/mailmanctl
>>     daemon $MAILMANCTL -s -q start
>>     daemon $MAILMANCTL -q stop
>>     $MAILMANCTL -q -u status
>>     $MAILMANCTL -u status
> 
> Hmmm, guess I should have checked bugzilla first. Looks like there's already
> a resolved bug (#350461) for this, which is why it's resolved in rawhide. I
> don't suppose this will get backported to RHEL5 in an update?
> 
> Thanks,
> Chad
> 
A customer Bugzilla is required to get it backported.  So open a
bugzilla and ask.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkftVbAACgkQrlYvE4MpobP+uQCg2nsDEnpKzZmqSPxV5cBpJ8Aa
A1cAnAige1IaYU9zfSemRkR+QBPv/xBq
=m1xk
-----END PGP SIGNATURE-----