Ivan wrote:
- the file /usr/lib/mailman/mail (which your script runs) appears to be
a SGID executable to group mailman which runs other [mailman] programs.
[...]
ultimately this boils down to postfix_pipe being unable to execute mailman.
However, it isn't even able to invoke the python script. To make that work,
does the policy need to allow postfix_pipe_t to run python?
The python script isn't that complicated; I could rewrite it in C if necessary.
I tried my hand at adding mailman rules to postfix.te:
ifdef(`mailman.te', `
domain_auto_trans(postfix_pipe_t, mailman_exec_t, mailman_t)
')
but that doesn't appear to work, possibly because mailman.te defines
mailman_$1_t, and I don't have any idea what $1 is.
Thanks,
Eric
[and thanks for putting up with my SELinux newbie questions!]