[CentOS] selinux context for mm-handler?
Paul Heinlein
heinlein at madboa.com
Thu Jan 5 17:57:00 UTC 2012
On Thu, 5 Jan 2012, Daniel J Walsh wrote:
> On 01/04/2012 05:37 PM, Paul Heinlein wrote:
>> I've got a Mailman installation running on CentOS 4 that I'd like
>> to migrate to a CentOS 6 box.
>>
>> My big obstacle at present is getting Mailman's mm-handler Perl
>> script to run as a Sendmail local mailer with SELinux enabled.
>>
>> I've tried changing mm-handler's selinux context type a few times,
>> but nothing has resulted in success [....]
>
> Set it back to its default label and then tell me what AVC messages
> you are seeing?
The rpm-supplied file is installed with the documentation, not with
the binaries:
/usr/share/doc/mailman-2.1.12/contrib/mm-handler
Its default type is usr_t. If I reset it to that, sendmail can't
execute it:
type=AVC
msg=audit(1325785833.463:64862): avc: denied { execute } for
pid=XXXXX
comm="sendmail"
name="mm-handler"
dev=XXX
ino=XXXXXXXXXX
scontext=unconfined_u:system_r:sendmail_t:s0
tcontext=system_u:object_r:usr_t:s0
tclass=file
I appreciate you looking at this, Dan.
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
More information about the CentOS
mailing list