Re: mailman cgi-bin denied search

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tim Fenn wrote:

On Wed, Oct 19, 2005 at 09:57:07AM -0400, Daniel J Walsh wrote:

Tim Fenn wrote:

I recently installed mailman on my FC3 box (using the redhat based
RPMs), and it seems to be working just fine, except for the numerous
avc messages it cranks out whenever I run one of the cgi scripts
associated with mailman (e.g. via the web interface):

Oct 19 00:34:21 agora kernel: audit(1129707261.236:212): avc:  denied
{ search } for  pid=18761 comm="listinfo" name="run" dev=sda1
ino=1294372 scontext=root:system_r:mailman_cgi_t tcontext=system_
u:object_r:var_run_t tclass=dir


Why would mailman listinfo be searching /var/log directory?



Well, I get the same errors with mailmanctl:

./mailmanctl status

yields no output, and the following errors:
Oct 19 13:22:39 agora kernel: audit(1129753359.647:314): avc:  denied
{ read write } for  pid=20837 comm="mailmanctl" name="3" dev=devpts
ino=5 scontext=root:system_r:mailman_mail_t
tcontext=root:object_r:devpts_t tclass=chr_file
Oct 19 13:22:39 agora kernel: audit(1129753359.694:318): avc:  denied
{ search } for  pid=20837 comm="mailmanctl" name="run" dev=sda1
ino=1294372 scontext=root:system_r:mailman_mail_t
tcontext=system_u:object_r:var_run_t tclass=dir
Oct 19 13:22:39 agora kernel: audit(1129753359.802:322): avc:  denied
{ setgid } for  pid=20837 comm="mailmanctl" capability=6
scontext=root:system_r:mailman_mail_t
tcontext=root:system_r:mailman_mail_t tclass=capability

However, if I comment out:

from Mailman.Logging.Syslog import syslog

in the mailmanctl script, all is well:

# ./mailmanctl status
mailman (pid 17677) is running...

and no error messages.  I would assume the same is true with the
cgi-bin scripts, such as listinfo.  Should I file a bugzilla report?

Regards,
Tim
Yes. submit a bug. Although generating these in FC4 would be far more interesting. Also do these AVC messages cause problems or are they just being reported. No output from the script is fixed in FC4. 



--


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux