Re: Mailman/Postfix execute_no_trans denial

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I wrote: Changing the context on /usr/lib/mailman/mail/mailman from lib_t to bin_t does get things further, and on to the next set of denials. The avc messages: May 22 20:06:36 localhost kernel: audit(1148342796.414:35): avc: denied { create } for pid=9382 comm="python" scontext=user_u:system_r:postfix_local_t:s0 tcontext=user_u:system_r:postfix_local_t:s0 tclass=netlink_route_socket May 22 20:06:36 localhost kernel: audit(1148342796.578:36): avc: denied { search } for pid=9382 comm="python" name="log" dev=sda2 ino=489147 scontext=user_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir May 22 20:06:36 localhost kernel: audit(1148342796.582:37): avc: denied { write } for pid=9382 comm="python" name="in" dev=sda2 ino=491751 scontext=user_u:system_r:postfix_local_t:s0 tcontext=user_u:object_r:mailman_data_t:s0 tclass=dir The postfix messages: May 22 20:06:36 localhost postfix/pickup[9212]: 4CD6513687C: uid=500 from=<tmz> May 22 20:06:36 localhost postfix/cleanup[9379]: 4CD6513687C: message-id=&lt;20060523000636.GE9258(a)localhost.localdomain&gt; May 22 20:06:36 localhost postfix/qmgr[9213]: 4CD6513687C: from=&lt;tmz(a)localhost.localdomain&gt;, size=463, nrcpt=1 (queue active) May 22 20:06:36 localhost postfix/local[9381]: 4CD6513687C: to=&lt;pgp-test(a)localhost.localdomain&gt;, relay=local, delay=0, status=bounced (Command died with status 1: "/usr/lib/mailman/mail/mailman post pgp-test". Command output: Traceback (most recent call last): File "/usr/lib/mailman/scripts/post", line 69, in ? main() File "/usr/lib/mailman/scripts/post", line 64, in main tolist=1, _plaintext=1) File "/usr/lib/mailman/Mailman/Queue/Switchboard.py", line 126, in enqueue fp = open(tmpfile, 'w') IOError: [Errno 13] Permission denied: '/var/spool/mailman/in/1148342796.5827579+b203c4871f8a8269deaef98890980ed0bff9cedb.pck.tmp' ) May 22 20:06:36 localhost postfix/cleanup[9379]: 989B4136A2C: message-id=&lt;20060523000636.989B4136A2C(a)localhost.localdomain&gt; I'm not sure whether it's worth trying to chase every denial down this path or if there is a better fix that can be applied. - -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp ====================================================================== life, n.: A whim of several billion cells to be you for a while.