selinux + mailman + postfix security problem (F14)

Fulko Hew fulko.hew at gmail.com
Thu Aug 25 16:16:29 UTC 2011


On Thu, Aug 25, 2011 at 12:13 PM, Marcos Luis Ortiz Valmaseda <marcosluis2186 at googlemail.com> wrote:

> Can you provide the ls -Z of your content in /etc/mailman/aliases
>

[root@netwatch log]# ls -Z /etc/mailman/aliases
-rw-rw----. root mailman unconfined_u:object_r:mailman_data_t:s0 /etc/mailman/aliases

> One piece of advice: use sealert to see a more human-readable approach to analyzing the
> SELinux logs.
>

While waiting for a response from the list... I had just (discovered and)
done a:

# grep postalias /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

But I haven't tested it yet.



2011/8/25 Fulko Hew <fulko.hew at gmail.com>
>
>> On Fedora 14, I am setting up postfix and mailman.
>>
>> I had this working once, but I decided to yum erase postfix and mailman
>> and redo the configuration to prove I knew how to recreate it.
>>
>> Turns out I don't know how to recreate a working combination
>> because when creating a new list I now have mailman error log that
>> talks about:
>>
>> command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1,
>> Operation not permitted)
>>
>> and a corresponding AVC error:
>>
>> Aug 25 10:28:54 (null) (null): audit(1314282534.501:4326): avc: denied {
>> search } for
>> pid=12121 comm=postalias name=postfix ino=295074 dev=dm-0
>> scontext=system_u:system_r:mailman_cgi_t:s0
>> tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
>>
>> Suggestions?
>>
>> Fulko
>>
>
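
Added example (not part of the original message, and not code from any tool named in the thread): a small Python parser that turns AVC denial records into the candidate allow rules they imply, so the rules can be read before a generated module is loaded with semodule. The first sample record is the one quoted in the thread, joined onto one line; the other two records and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First record: the AVC denial quoted in the thread, joined onto one line.
# Second and third records: constructed for illustration only.
SAMPLE_LOG = """\
Aug 25 10:28:54 (null) (null): audit(1314282534.501:4326): avc: denied { search } for pid=12121 comm=postalias name=postfix ino=295074 dev=dm-0 scontext=system_u:system_r:mailman_cgi_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
type=AVC msg=audit(1314282540.100:4330): avc:  denied  { getattr open } for  pid=12130 comm="postalias" name="main.cf" scontext=system_u:system_r:mailman_cgi_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=AVC msg=audit(1314282541.000:4331): avc:  denied  { read } for  pid=12140 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="?(?P<comm>[^"\s]+)"?.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)'
)

def selinux_type(context):
    """Return the type field (third component) of user:role:type:level."""
    return context.split(":")[2]

def candidate_rules(log_text, comm=None):
    """Group denials into allow rules, optionally for one command name only."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or (comm and m["comm"] != comm):
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {body};")
    return rules

if __name__ == "__main__":
    # Show only what denials from postalias would grant if turned into policy.
    for rule in candidate_rules(SAMPLE_LOG, comm="postalias"):
        print(rule)
```

The filter here matches the comm field exactly, whereas a plain grep for "postalias" selects any audit line containing that string.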