<font face="courier new,monospace"><br></font><br><div class="gmail_quote">On Thu, Aug 25, 2011 at 12:20 PM, Marcos Luis Ortiz Valmaseda <span dir="ltr"><<a href="mailto:marcosluis2186@googlemail.com" target="_blank">marcosluis2186@googlemail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Well, test it and say the response to us.<br></blockquote><div><br>So the first issue was:<br>SELinux is preventing /usr/sbin/postalias from search access on the directory /etc/postfix.<br>
<br>It then complained (one at a time) about:<br>SELinux is preventing /usr/sbin/postalias from read access on the file /etc/postfix/<a href="http://main.cf" target="_blank">main.cf</a>.<br>SELinux is preventing /usr/sbin/postalias from open access on the file /etc/postfix/<a href="http://main.cf" target="_blank">main.cf</a>.<br>
SELinux is preventing /usr/sbin/postalias from getattr access on the file /etc/postfix/<a href="http://main.cf" target="_blank">main.cf</a>.<br><br>So I redid 'audit2allow' over and over to get past each problem.<br>
<br>...I can continue to do this, or disable SELinux, but I shouldn't have to,<br>
something else is wrong here. ;-(<br><br>Finally, I can now create a new mailing list.<br> </div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
<br><div class="gmail_quote"><div><div></div><div>2011/8/25 Fulko Hew <span dir="ltr"><<a href="mailto:fulko.hew@gmail.com" target="_blank">fulko.hew@gmail.com</a>></span><br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div></div><div>
<font face="courier new,monospace"><br></font><br><div class="gmail_quote"><div>On Thu, Aug 25, 2011 at 12:13 PM, Marcos Luis Ortiz Valmaseda <span dir="ltr"><<a href="mailto:marcosluis2186@googlemail.com" target="_blank">marcosluis2186@googlemail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Can you provide the ls -Z of your content in /etc/mailman/aliases<br></blockquote></div><div><br> [root@netwatch log]# ls -Z /etc/mailman/aliases<br>
-rw-rw----. root mailman unconfined_u:object_r:mailman_data_t:s0 /etc/mailman/aliases<br><br></div><div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
A advice:, use sealert to see a more human-readable approach to analyze the SELinux logs.<br></blockquote></div><div><br>While waiting for a response from the list... I had just (discovered and) done a:<br><br># grep postalias /var/log/audit/audit.log | audit2allow -M mypol<br>
# semodule -i mypol.pp<br><br>But I haven't tested it yet.<br> <br><br><br></div><div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
<div class="gmail_quote">
<div><div></div><div>2011/8/25 Fulko Hew <span dir="ltr"><<a href="mailto:fulko.hew@gmail.com" target="_blank">fulko.hew@gmail.com</a>></span><br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div><font face="courier new,monospace">On Fedora 14, I am setting up postfix and mailman.<br>
<br>I had this working once, but I decided to yum erase postfix and mailman<br>
and redo the configuration to prove I knew how to recreate it.<br>
<br>Turns out I don't know how to recreate a working combination<br>because when creating a new list I now have mailman error log that<br>talks about:<br><br>command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)<br>
<br>and a corresponding AVC error:<br><br>Aug 25 10:28:54 (null) (null): audit(1314282534.501:4326): avc: denied { search } for<br>pid=12121 comm=postalias name=postfix ino=295074 dev=dm-0<br>scontext=system_u:system_r:mailman_cgi_t:s0<br>
tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir<br><br>Suggestions?<br><font color="#888888"><br>Fulko</font></font><br></div></div></blockquote></div></blockquote></div></div>
</div></div></blockquote></div></blockquote></div>