These changes seem to make crond/mailman happy:

allow system_crond_t mailman_lock_t:dir rw_dir_perms;
allow system_crond_t mailman_lock_t:file create_file_perms;
allow system_crond_t mailman_log_t:file { append read };

tom

* From: Tom London <selinux comcast net>

Latest stuff from Rawhide: crond/mailman issues again....

Here is the email (I got lots of these!):

Subject: Cron <mailman fedora> /usr/bin/python -S /var/mailman/cron/gate_news
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/mailman>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=mailman>
X-Cron-Env: <USER=mailman>

Traceback (most recent call last):
  File "/var/mailman/cron/gate_news", line 284, in ?
    main()
  File "/var/mailman/cron/gate_news", line 259, in main
    lock.lock(timeout=0.5)
  File "/var/mailman/Mailman/LockFile.py", line 243, in lock
    self.__write()
  File "/var/mailman/Mailman/LockFile.py", line 422, in __write
    fp = open(self.__tmpfname, 'w')
IOError: [Errno 13] Permission denied: '/var/mailman/locks/gate_news.lock.fedora.XXX.3986.0'

Here are the AVCs:

Aug 13 08:35:01 fedora crond(pam_unix)[4065]: session opened for user mailman by (uid=0)
Aug 13 08:35:01 fedora crond(pam_unix)[4068]: session opened for user root by (uid=0)
Aug 13 08:35:02 fedora kernel: audit(1092411302.395:0): avc: denied { read append } for pid=4067 exe=/usr/bin/python name=error dev=hda2 ino=442471 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:mailman_log_t tclass=file
Aug 13 08:35:02 fedora kernel: audit(1092411302.397:0): avc: denied { write } for pid=4067 exe=/usr/bin/python name=locks dev=hda2 ino=442718 scontext=system_u:system_r:system_crond_t tcontext=system_u:object_r:mailman_lock_t tclass=dir
Aug 13 08:35:02 fedora crond(pam_unix)[4068]: session closed for user root
Aug 13 08:35:04 fedora crond(pam_unix)[4065]: session closed for user mailman

audit2allow produces:

allow system_crond_t mailman_lock_t:dir { write };
allow system_crond_t mailman_log_t:file { append read };

That right, (or have I broken something else)?

tom

[BTW, booleans now get loaded. Neat!]