[CentOS] selinux context for mm-handler?

Paul Heinlein heinlein at madboa.com
Thu Jan 5 17:57:00 UTC 2012


On Thu, 5 Jan 2012, Daniel J Walsh wrote:

> On 01/04/2012 05:37 PM, Paul Heinlein wrote:
>> I've got a Mailman installation running on CentOS 4 that I'd like
>> to migrate to a CentOS 6 box.
>>
>> My big obstacle at present is getting Mailman's mm-handler Perl
>> script to run as a Sendmail local mailer with SELinux enabled.
>>
>> I've tried changing mm-handler's selinux context type a few times,
>> but nothing has resulted in success [....]
>
> Set it back to its default label and then tell me what AVC messages
> you are seeing?

The rpm-supplied file is installed with the documentation, not with 
the binaries:

   /usr/share/doc/mailman-2.1.12/contrib/mm-handler

Its default type is usr_t. If I reset it to that, sendmail can't 
execute it:

type=AVC
msg=audit(1325785833.463:64862): avc:  denied  { execute } for
pid=XXXXX
comm="sendmail"
name="mm-handler"
dev=XXX
ino=XXXXXXXXXX
scontext=unconfined_u:system_r:sendmail_t:s0
tcontext=system_u:object_r:usr_t:s0
tclass=file

I appreciate you looking at this, Dan.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
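
Added example, not part of the original message: a small Python parser for the AVC denial quoted above, which joins the wrapped lines and pulls out the source and target SELinux types that decide the denial. The function names are hypothetical, and the sample is the post's own record with its XXX placeholders kept.

```python
import re

# The record from the message above, line wrapping and XXX placeholders kept.
SAMPLE = """type=AVC
msg=audit(1325785833.463:64862): avc:  denied  { execute } for
pid=XXXXX
comm="sendmail"
name="mm-handler"
dev=XXX
ino=XXXXXXXXXX
scontext=unconfined_u:system_r:sendmail_t:s0
tcontext=system_u:object_r:usr_t:s0
tclass=file
"""

def parse_avc(text):
    """Parse one AVC record (single-line or wrapped) into a dict."""
    flat = " ".join(text.split())  # undo wrapping, collapse runs of spaces
    m = re.search(r"avc:\s*(denied|granted)\s*\{([^}]*)\}", flat)
    if not m:
        raise ValueError("not an AVC record")
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    # key=value pairs; values are either quoted or run to the next space
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', flat):
        rec[key] = val.strip('"')
    return rec

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain ':'."""
    user, role, type_, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_,
            "level": level[0] if level else None}

def summarize(rec):
    """One-line description: which domain was refused what, on which type."""
    src = split_context(rec["scontext"])["type"]
    tgt = split_context(rec["tcontext"])["type"]
    return '{} ({}) {} {{ {} }} on {} "{}" ({})'.format(
        rec["comm"], src, rec["result"], " ".join(rec["perms"]),
        rec["tclass"], rec.get("name", "?"), tgt)

if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```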


