I have stepped through the selinux authentication process with
mailman and the following work-around resolves the issue locally.
However, this or its equivalent probably should be rolled in to an
updated selinux-policy-targeted rpm for CentOS.
1. Install selinux-policy-targeted-sources
2. edit /etc/selinux/targeted/src/policy/domains/misc/local.te
3. Add the following lines to local.te
allow mailman_cgi_t file_t:dir search;
allow mailman_cgi_t file_t:dir write;
allow mailman_cgi_t file_t:dir add_name;
allow mailman_cgi_t file_t:dir create;
allow mailman_cgi_t file_t:file create;
allow mailman_cgi_t file_t:file { getattr write };
allow mailman_cgi_t file_t:file read;
allow mailman_cgi_t file_t:lnk_file create;
4. cd /etc/selinux/targeted/src/policy
5. make reload
6. http://<your server here>/mailman/create now works
--
*** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne Harte & Lyne Limited
vox: +1 905 561 1241 9 Brockley Drive
fax: +1 905 561 0757 Hamilton, Ontario
<token> = hal Canada L8E 3C3
