fedora-selinux February 2008 archive

Re: mailman doesn't receive messages from sendmail on fresh F8 install

From: Edward Kuns <ekuns_at_nospam>
Date: Tue Feb 19 2008 - 20:50:01 GMT
To: fedora-selinux-list@redhat.com

On Tue, 2008-02-19 at 14:00 -0500, Daniel J Walsh wrote:
> if you
> chcon -t mailman_mail_exec_t /usr/lib/mailman/mail/mailman
> Does it work?

Yes, I assume so, as there is no output complaining that it failed, and:

# ls -lZ /usr/lib/mailman/mail/mailman
-rwxr-sr-x root mailman system_u:object_r:mailman_mail_exec_t:s0 /usr/lib/mailman/mail/mailman

> Ok could you run
> # grep mailman /var/log/audit/audit.log | audit2allow -M mymailman
> # semodule -i mymailman.pp

Thanks. This appears to have fixed the problem. I have not exhaustively tested, but everything appears to be working now. I see that there is a mymailman.te file created as a result of the above. This file contains the text:

module mymailman 1.0;

require {
        type sendmail_t;
        type mailman_log_t;
        type mailman_data_t;
        class dir { write remove_name search add_name };
        class file { write rename getattr read create append };
}

#============= sendmail_t ==============
allow sendmail_t mailman_data_t:dir { write remove_name add_name };
allow sendmail_t mailman_data_t:file { write rename getattr create };
allow sendmail_t mailman_log_t:dir search;
allow sendmail_t mailman_log_t:file { read getattr append };

Am I the first to try to get mailman and sendmail working together under selinux with Fedora? Either way, something resembling the above should probably become a default policy, as, if I'm the first I won't be the last! What can I do to help refine the above into a genuine and genuinely useful policy?

I am clearly still learning about selinux!


        Eddie

--
Edward Kuns <ekuns@kilroy.chi.il.us>

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
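
An added example, not part of the original message or of the Fedora policy tools: a Python check that reads the mymailman.te quoted above, confirms that every type, class and permission used by its allow rules is declared in the require block, and lists the rules that let sendmail_t modify mailman objects. The MODIFYING grouping and the function names are assumptions made for this example.

```python
import re

# mymailman.te as quoted in the message above (line breaks restored).
MYMAILMAN_TE = """\
module mymailman 1.0;
require {
    type sendmail_t;
    type mailman_log_t;
    type mailman_data_t;
    class dir { write remove_name search add_name };
    class file { write rename getattr read create append };
}
allow sendmail_t mailman_data_t:dir { write remove_name add_name };
allow sendmail_t mailman_data_t:file { write rename getattr create };
allow sendmail_t mailman_log_t:dir search;
allow sendmail_t mailman_log_t:file { read getattr append };
"""

# Permissions that change an object; this grouping is a review aid assumed here.
MODIFYING = {"write", "append", "create", "rename", "unlink", "setattr",
             "add_name", "remove_name"}

def _perms(text):
    return set(text.strip("{} ").split())

def parse_te(te):
    """Return (declared types, {class: perms} from require, list of allow rules)."""
    te = re.sub(r"#.*", "", te)  # drop comments such as the '#====' banner
    types = set(re.findall(r"\btype\s+(\w+)\s*;", te))
    classes = {c: _perms(p) for c, p in
               re.findall(r"\bclass\s+(\w+)\s+(\{[^}]*\}|\w+)\s*;", te)}
    rules = [(s, t, c, _perms(p)) for s, t, c, p in re.findall(
        r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;", te)]
    return types, classes, rules

def review(te):
    """Return (names used but not declared, rules granting modifying access)."""
    types, classes, rules = parse_te(te)
    undeclared, modifying = [], []
    for src, tgt, cls, perms in rules:
        undeclared += [n for n in (src, tgt) if n not in types]
        undeclared += [f"{cls}:{p}" for p in sorted(perms - classes.get(cls, set()))]
        hits = sorted(perms & MODIFYING)
        if hits:
            modifying.append((src, tgt, cls, hits))
    return undeclared, modifying

if __name__ == "__main__":
    print(*review(MYMAILMAN_TE), sep="\n")
```

The second list is the part worth reading before running semodule -i: it shows which of the generated rules give the sendmail domain write-type access, as opposed to the read and search rules.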