-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I wrote:
When I get a moment I'll boot to FC5 and try changing the context
to
see what happens.
Changing the context on /usr/lib/mailman/mail/mailman from lib_t to
bin_t does get things further, and on to the next set of denials.
The avc messages:
May 22 20:06:36 localhost kernel: audit(1148342796.414:35): avc: denied { create } for
pid=9382 comm="python" scontext=user_u:system_r:postfix_local_t:s0
tcontext=user_u:system_r:postfix_local_t:s0 tclass=netlink_route_socket
May 22 20:06:36 localhost kernel: audit(1148342796.578:36): avc: denied { search } for
pid=9382 comm="python" name="log" dev=sda2 ino=489147
scontext=user_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:var_log_t:s0
tclass=dir
May 22 20:06:36 localhost kernel: audit(1148342796.582:37): avc: denied { write } for
pid=9382 comm="python" name="in" dev=sda2 ino=491751
scontext=user_u:system_r:postfix_local_t:s0 tcontext=user_u:object_r:mailman_data_t:s0
tclass=dir
The postfix messages:
May 22 20:06:36 localhost postfix/pickup[9212]: 4CD6513687C: uid=500 from=<tmz>
May 22 20:06:36 localhost postfix/cleanup[9379]: 4CD6513687C:
message-id=<20060523000636.GE9258(a)localhost.localdomain>
May 22 20:06:36 localhost postfix/qmgr[9213]: 4CD6513687C:
from=<tmz(a)localhost.localdomain>, size=463, nrcpt=1 (queue active)
May 22 20:06:36 localhost postfix/local[9381]: 4CD6513687C:
to=<pgp-test(a)localhost.localdomain>, relay=local, delay=0, status=bounced (Command
died with status 1: "/usr/lib/mailman/mail/mailman post pgp-test". Command
output: Traceback (most recent call last): File
"/usr/lib/mailman/scripts/post", line 69, in ? main() File
"/usr/lib/mailman/scripts/post", line 64, in main tolist=1, _plaintext=1)
File "/usr/lib/mailman/Mailman/Queue/Switchboard.py", line 126, in enqueue
fp = open(tmpfile, 'w') IOError: [Errno 13] Permission denied:
'/var/spool/mailman/in/1148342796.5827579+b203c4871f8a8269deaef98890980ed0bff9cedb.pck.tmp'
)
May 22 20:06:36 localhost postfix/cleanup[9379]: 989B4136A2C:
message-id=<20060523000636.989B4136A2C(a)localhost.localdomain>
I'm not sure whether it's worth trying to chase every denial down this
path or if there is a better fix that can be applied.
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL:
www.pobox.com/~tmz/pgp
======================================================================
life, n.: A whim of several billion cells to be you for a while.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iG0EARECAC0FAkRyVKUmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt
ei5hc2MACgkQuv+09NZUB1rmngCfc27XjGsipxCQBzLedxAVxAgyz0MAn3CMcE4l
5SzqENSLqmG001dYT4id
=Ts1k
-----END PGP SIGNATURE-----