Ivan wrote:
> - the file /usr/lib/mailman/mail (which your script runs) appears to be
> a SGID executable to group mailman which runs other [mailman] programs.
[...]
> ultimately this boils down to postfix_pipe being unable to execute
> mailman.

However, it isn't even able to invoke the python script. To make that work, does the policy need to allow postfix_pipe_t to run python? The python script isn't that complicated; I could rewrite it in C if necessary.

I tried my hand at adding mailman rules to postfix.te:

    ifdef(`mailman.te', `
    domain_auto_trans(postfix_pipe_t, mailman_exec_t, mailman_t)
    ')

but that doesn't appear to work, possibly because mailman.te defines mailman_$1_t, and I don't have any idea what $1 is.

Thanks,
Eric [and thanks for putting up with my SELinux newbie questions!]

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list