mailman not confined
Chad Sellers
csellers at tresys.com
Fri Mar 28 14:46:46 UTC 2008
On 3/28/08 2:08 AM, "Daniel J Walsh" <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chad Sellers wrote:
>> On F8 (as well as RHEL5 from the looks of things), it seems that mailman is
>> not actually confined. The policy for it is compiled into the base module,
>> but the transition never happens. So, mailmanctl and qrunner run in
>> initrc_t. This looks like it is due to the fact that the default init script
>> for mailman calls "/usr/bin/python /usr/lib/mailman/bin/mailmanctl" and
>> "/usr/bin/python /usr/lib/mailman/bin/qrunner" rather than executing the
>> scripts directly. The simple fix is to remove python from the init script.
>> Anyone else noticing this problem? Any other ideas for a fix?
>>
>> Thanks,
>> Chad Sellers
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Please open a bugzilla on it.
>
> Looks like it is correct in rawhide
>
>
> grep MAILMANCTL mailman
> MAILMANCTL=$MAILMANHOME/bin/mailmanctl
> daemon $MAILMANCTL -s -q start
> daemon $MAILMANCTL -q stop
> $MAILMANCTL -q -u status
> $MAILMANCTL -u status
Hmmm, guess I should have checked bugzilla first. Looks like there's already
a resolved bug (#350461) for this, which is why it's resolved in rawhide. I
don't suppose this will get backported to RHEL5 in an update?
Thanks,
Chad
More information about the fedora-selinux-list
mailing list