On Sat, 14 Aug 2004 03:59, "t l" <concert(a)europe.com> wrote:
> These changes seem to make crond/mailman happy:
> allow system_crond_t mailman_lock_t:dir rw_dir_perms;
> allow system_crond_t mailman_lock_t:file create_file_perms;
> allow system_crond_t mailman_log_t:file { append read };

The problem with this is that it removes the entire point of having a policy
for mailman.

> Subject: Cron <mailman fedora> /usr/bin/python -S /var/mailman/cron/gate_news

Above is the real problem. /usr/bin/python is run instead
of /var/mailman/cron/gate_news.
I presume that python is specified on the command-line to give the -S option.
From the python man page:
    -S     Disable the import of the module site and the site-dependent
           manipulations of sys.path that it entails.

If we make the first line of each python script be:
    #!/usr/bin/python -S
Then the "/usr/bin/python -S" part can be removed and a domain_auto_trans()
rule will take place and run things in the right domain.
Also the mailman.fc file was missing some things. I've attached a revised
version (untested) which should work better.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
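
The change proposed in the message above, as an added example that is not part of the original mail or of the mailman package: give each cron script the `-S` shebang and drop the explicit interpreter from the crontab, so that cron executes the labelled script file itself. The helper names, the sample crontab line and the temporary directory standing in for /var/mailman/cron are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail; helper names are hypothetical.
SHEBANG='#!/usr/bin/python -S'

# Give a script the -S shebang so it can be executed directly. The content is
# written back into the same inode so the file's SELinux label is kept.
fix_shebang() {
    script=$1; tmp=$(mktemp)
    case $(head -n 1 "$script") in
        "$SHEBANG") cat "$script" ;;                               # already correct
        '#!'*) printf '%s\n' "$SHEBANG"; tail -n +2 "$script" ;;   # replace old #! line
        *)     printf '%s\n' "$SHEBANG"; cat "$script" ;;          # no #! line: add one
    esac > "$tmp"
    cat "$tmp" > "$script"; rm -f "$tmp"
    chmod 755 "$script"
}

# Print the crontab with the explicit interpreter removed, so cron execs the
# script itself and a transition rule keyed on the script's type can apply.
fix_crontab() {
    sed 's|/usr/bin/python -S \(/var/mailman/cron/[^ ]*\)|\1|' "$1"
}

# Count active (non-comment) entries that still exec python, not the script.
count_interpreter_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep -c '/usr/bin/python -S /var/mailman/cron/' || true
}

# Constructed sample input: one crontab line and one two-line script.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '0,5,10 * * * * /usr/bin/python -S /var/mailman/cron/gate_news' > "$dir/crontab.in"
    printf '%s\n' '#! /usr/bin/python' 'import sys' > "$dir/gate_news"
    fix_shebang "$dir/gate_news"
    fix_crontab "$dir/crontab.in" > "$dir/crontab.new"
    head -n 1 "$dir/gate_news"      # the script's new first line
    cat "$dir/crontab.new"          # the entry without the interpreter
    rm -rf "$dir"
}
demo
```

After a real conversion, `ls -Z` on the scripts confirms that they still carry the type the transition rule expects.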