I freshly installed F8 on a new box, then copied the mailman and
sendmail configuration over from the old box. I made sure everything
was labeled correctly with "restorecon -r -v /etc" and the same for /var
where mailman lives.
The web pages work, but if I try to send a message to any list, I get
SELinux alerts that prevent the message from going through. I don't
believe I was using selinux on the old machine. I know I could just set
selinux to permissive mode and this would probably work, but I'd rather
understand what the problem is and fix it.
Below are the selinux complaints generated from trying to send to the
mailman test list on my server:
Any ideas on what I can do to fix this? I've been googling for a couple
hours and haven't found anything that fits this situation exactly.
Thanks
Eddie
Summary
SELinux is preventing python (sendmail_t) "search" to <Unknown>
(mailman_log_t).
Detailed Description
SELinux denied access requested by python. It is not expected that
this
access is required by python and this access may signal an intrusion
attempt. It is also possible that the specific version or
configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could
try to
restore the default system file context for <Unknown>, restorecon -v
<Unknown> If this does not work, there is currently no automatic way
to
allow this access. Instead, you can generate a local policy module
to allow
this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this
package.
Additional Information
Source Context system_u:system_r:sendmail_t:s0
Target Context system_u:object_r:mailman_log_t:s0
Target Objects None [ dir ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-84.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name kilroy.chi.il.us
Platform Linux kilroy.chi.il.us 2.6.23.15-137.fc8
#1 SMP
Sun Feb 10 17:48:34 EST 2008 i686 i686
Alert Count 15
First Seen Mon 18 Feb 2008 09:18:28 AM CST
Last Seen Mon 18 Feb 2008 01:06:39 PM CST
Local ID 78d260f8-f1d3-49b3-bea6-bc0cc400735c
Line Numbers
Raw Audit Messages
avc: denied { search } for comm=python dev=dm-2 egid=41 euid=8
exe=/usr/bin/python exit=-13 fsgid=41 fsuid=8 gid=41 items=0
name=mailman
pid=12198 scontext=system_u:system_r:sendmail_t:s0 sgid=41
subj=system_u:system_r:sendmail_t:s0 suid=8 tclass=dir
tcontext=system_u:object_r:mailman_log_t:s0 tty=(none) uid=8
Summary
SELinux is preventing python (sendmail_t) "getattr" to
/var/lib/mailman/lists/mailman/config.pck (mailman_data_t).
Detailed Description
SELinux denied access requested by python. It is not expected that
this
access is required by python and this access may signal an intrusion
attempt. It is also possible that the specific version or
configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could
try to
restore the default system file context for
/var/lib/mailman/lists/mailman/config.pck, restorecon -v
/var/lib/mailman/lists/mailman/config.pck If this does not work,
there is
currently no automatic way to allow this access. Instead, you can
generate
a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:sendmail_t:s0
Target Context system_u:object_r:mailman_data_t:s0
Target Objects /var/lib/mailman/lists/mailman/config.pck
[ file ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-84.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name kilroy.chi.il.us
Platform Linux kilroy.chi.il.us 2.6.23.15-137.fc8
#1 SMP
Sun Feb 10 17:48:34 EST 2008 i686 i686
Alert Count 1
First Seen Mon 18 Feb 2008 01:06:39 PM CST
Last Seen Mon 18 Feb 2008 01:06:39 PM CST
Local ID 5d954998-3826-4af2-9569-0295ae134c27
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm=python dev=dm-2 egid=41 euid=8
exe=/usr/bin/python exit=-13 fsgid=41 fsuid=8 gid=41 items=0
path=/var/lib/mailman/lists/mailman/config.pck pid=12198
scontext=system_u:system_r:sendmail_t:s0 sgid=41
subj=system_u:system_r:sendmail_t:s0 suid=8 tclass=file
tcontext=system_u:object_r:mailman_data_t:s0 tty=(none) uid=8
Summary
SELinux is preventing python (sendmail_t) "getattr" to
/var/lib/mailman/lists/mailman/config.pck.last (mailman_data_t).
Detailed Description
SELinux denied access requested by python. It is not expected that
this
access is required by python and this access may signal an intrusion
attempt. It is also possible that the specific version or
configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could
try to
restore the default system file context for
/var/lib/mailman/lists/mailman/config.pck.last, restorecon -v
/var/lib/mailman/lists/mailman/config.pck.last If this does not
work, there
is currently no automatic way to allow this access. Instead, you
can
generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:sendmail_t:s0
Target Context system_u:object_r:mailman_data_t:s0
Target
Objects /var/lib/mailman/lists/mailman/config.pck.last [
file ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-84.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name kilroy.chi.il.us
Platform Linux kilroy.chi.il.us 2.6.23.15-137.fc8
#1 SMP
Sun Feb 10 17:48:34 EST 2008 i686 i686
Alert Count 1
First Seen Mon 18 Feb 2008 01:06:39 PM CST
Last Seen Mon 18 Feb 2008 01:06:39 PM CST
Local ID 37d2b949-06bf-4cb0-845e-6aa41a16076c
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm=python dev=dm-2 egid=41 euid=8
exe=/usr/bin/python exit=-13 fsgid=41 fsuid=8 gid=41 items=0
path=/var/lib/mailman/lists/mailman/config.pck.last pid=12198
scontext=system_u:system_r:sendmail_t:s0 sgid=41
subj=system_u:system_r:sendmail_t:s0 suid=8 tclass=file
tcontext=system_u:object_r:mailman_data_t:s0 tty=(none) uid=8
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
