mailman cgi-bin denied search

[Tim Fenn]

On Wed, Oct 19, 2005 at 09:57:07AM -0400, Daniel J Walsh wrote:
> Tim Fenn wrote:
> >I recently installed mailman on my FC3 box (using the redhat based
> >RPMs), and it seems to be working just fine, except for the numerous
> >avc messages it cranks out whenever I run one of the cgi scripts
> >associated with mailman (e.g. via the web interface):
> >
> >Oct 19 00:34:21 agora kernel: audit(1129707261.236:212): avc:  denied
> >{ search } for  pid=18761 comm="listinfo" name="run" dev=sda1
> >ino=1294372 scontext=root:system_r:mailman_cgi_t tcontext=system_
> >u:object_r:var_run_t tclass=dir
> >
> 
> Why would mailman listinfo be searching /var/log directory?
>

Well, I get the same errors with mailmanctl:

./mailmanctl status

yields no output, and the following errors:
Oct 19 13:22:39 agora kernel: audit(1129753359.647:314): avc:  denied
{ read write } for  pid=20837 comm="mailmanctl" name="3" dev=devpts
ino=5 scontext=root:system_r:mailman_mail_t
tcontext=root:object_r:devpts_t tclass=chr_file
Oct 19 13:22:39 agora kernel: audit(1129753359.694:318): avc:  denied
{ search } for  pid=20837 comm="mailmanctl" name="run" dev=sda1
ino=1294372 scontext=root:system_r:mailman_mail_t
tcontext=system_u:object_r:var_run_t tclass=dir
Oct 19 13:22:39 agora kernel: audit(1129753359.802:322): avc:  denied
{ setgid } for  pid=20837 comm="mailmanctl" capability=6
scontext=root:system_r:mailman_mail_t
tcontext=root:system_r:mailman_mail_t tclass=capability

However, if I comment out:

from Mailman.Logging.Syslog import syslog

in the mailmanctl script, all is well:

# ./mailmanctl status
mailman (pid 17677) is running...

and no error messages.  I would assume the same is true with the
cgi-bin scripts, such as listinfo.  Should I file a bugzilla report?

Regards,
Tim