I stepped through the (entire?) selinux authentication process with mailman using audit2allow and the following work-around resolves the issue locally. However, the local.te policies that result, or their more restrictive equivalents, probably should be rolled into an updated selinux-policy-targeted rpm for CentOS or submitted to the upstream maintainers for inclusion with the base.

1. Install selinux-policy-targeted-sources

2. Attempt to create a mailing list using mailman web interface.

3. Run

    # audit2allow -l -i /var/log/messages

4. Record policy change and edit /etc/selinux/targeted/src/policy/domains/misc/local.te appropriately.

4. cd /etc/selinux/targeted/src/policy

5. make reload

6. Iterate steps 2 to 5 until step 2 works.

In our case this process required the following lines added to local.te:

    # needed to create a mailman list through web interface
    allow mailman_cgi_t file_t:dir search;
    allow mailman_cgi_t file_t:dir write;
    allow mailman_cgi_t file_t:dir add_name;
    allow mailman_cgi_t file_t:dir create;
    allow mailman_cgi_t file_t:file create;
    allow mailman_cgi_t file_t:file { getattr write };
    allow mailman_cgi_t file_t:file read;
    allow mailman_cgi_t file_t:lnk_file create;

    # needed to allow web access to mailman archives
    allow httpd_t file_t:dir { getattr search };
    allow httpd_t file_t:lnk_file { getattr read };
    allow httpd_t file_t:dir read;
    allow httpd_t file_t:file getattr;
    allow httpd_t file_t:file read;

7. http://<your server here>/mailman/create now works and web archives are available to view (presuming that you have properly reconfigured /etc/httpd/conf.d/mailman.conf for your mailman server).

--
***          e-mail is not a secure channel          ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne                Harte & Lyne Limited
vox: +1 905 561 1241          9 Brockley Drive
fax: +1 905 561 0757          Hamilton, Ontario
<token> = hal                 Canada L8E 3C3
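
An added example, not part of the original message and not audit2allow's own code: a short Python script that collapses AVC denials into merged allow rules, as the iterated steps above do by hand, and lists which domains end up with access to file_t, the type carried by files that have no SELinux label. The log lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog AVC format; not taken from the message.
SAMPLE_LOG = """\
Jan  5 10:01:02 host kernel: audit(1136455262.101:0): avc:  denied  { search } for  pid=4101 comm="create" name="mailman" dev=dm-0 ino=1001 scontext=root:system_r:mailman_cgi_t tcontext=system_u:object_r:file_t tclass=dir
Jan  5 10:03:40 host kernel: audit(1136455420.220:0): avc:  denied  { write add_name } for  pid=4177 comm="create" name="lists" dev=dm-0 ino=1002 scontext=root:system_r:mailman_cgi_t tcontext=system_u:object_r:file_t tclass=dir
Jan  5 10:09:11 host kernel: audit(1136455751.007:0): avc:  denied  { getattr } for  pid=4230 comm="httpd" name="index.html" dev=dm-0 ino=1003 scontext=root:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file
Jan  5 10:09:12 host crond[4231]: (root) CMD (run-parts /etc/cron.hourly)
Jan  5 10:12:30 host kernel: audit(1136455950.312:0): avc:  denied  { read } for  pid=4230 comm="httpd" name="index.html" dev=dm-0 ino=1003 scontext=root:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+).*?tcontext=(?P<t>\S+).*?tclass=(?P<c>\w+)"
)

def type_of(context):
    # A context is user:role:type, optionally followed by an MLS range.
    return context.split(":")[2]

def collect_rules(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC syslog lines are skipped
            key = (type_of(m["s"]), type_of(m["t"]), m["c"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def render(rules):
    """Emit one merged allow rule per (source, target, class), sorted."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        names = " ".join(sorted(perms))
        perm_txt = names if len(perms) == 1 else "{ %s }" % names
        out.append(f"allow {src} {tgt}:{cls} {perm_txt};")
    return out

def unlabeled_sources(rules):
    """Domains whose rules target file_t, i.e. any file with no label."""
    return sorted({src for (src, tgt, _cls) in rules if tgt == "file_t"})

if __name__ == "__main__":
    rules = collect_rules(SAMPLE_LOG)
    print("\n".join(render(rules)))
    print("domains granted access to unlabeled files:", unlabeled_sources(rules))
```

Rules whose target is file_t apply to every unlabeled file on the system, so the second function's output is the list to review when looking for the "more restrictive equivalents" the message mentions.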