On Wed, Oct 19, 2005 at 09:57:07AM -0400, Daniel J Walsh wrote:
> Tim Fenn wrote:
> >I recently installed mailman on my FC3 box (using the redhat based
> >RPMs), and it seems to be working just fine, except for the numerous
> >avc messages it cranks out whenever I run one of the cgi scripts
> >associated with mailman (e.g. via the web interface):
> >
> >Oct 19 00:34:21 agora kernel: audit(1129707261.236:212): avc: denied
> >{ search } for pid=18761 comm="listinfo" name="run" dev=sda1
> >ino=1294372 scontext=root:system_r:mailman_cgi_t tcontext=system_
> >u:object_r:var_run_t tclass=dir
> >
>
> Why would mailman listinfo be searching /var/log directory?
>
Well, I get the same errors with mailmanctl:
./mailmanctl status
yields no output, and the following errors:
Oct 19 13:22:39 agora kernel: audit(1129753359.647:314): avc: denied
{ read write } for pid=20837 comm="mailmanctl" name="3" dev=devpts
ino=5 scontext=root:system_r:mailman_mail_t
tcontext=root:object_r:devpts_t tclass=chr_file
Oct 19 13:22:39 agora kernel: audit(1129753359.694:318): avc: denied
{ search } for pid=20837 comm="mailmanctl" name="run" dev=sda1
ino=1294372 scontext=root:system_r:mailman_mail_t
tcontext=system_u:object_r:var_run_t tclass=dir
Oct 19 13:22:39 agora kernel: audit(1129753359.802:322): avc: denied
{ setgid } for pid=20837 comm="mailmanctl" capability=6
scontext=root:system_r:mailman_mail_t
tcontext=root:system_r:mailman_mail_t tclass=capability
However, if I comment out:
from Mailman.Logging.Syslog import syslog
in the mailmanctl script, all is well:
# ./mailmanctl status
mailman (pid 17677) is running...
and no error messages. I would assume the same is true with the
cgi-bin scripts, such as listinfo. Should I file a bugzilla report?
Regards,
Tim
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
