FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 03-26-2008, 09:37 PM
Chad Sellers
 
Default mailman not confined

On F8 (as well as RHEL5 from the looks of things), it seems that mailman is
not actually confined. The policy for it is compiled into the base module,
but the transition never happens. So, mailmanctl and qrunner run in
initrc_t. This looks like it is due to the fact that the default init script
for mailman calls "/usr/bin/python /usr/lib/mailman/bin/mailmanctl" and
"/usr/bin/python /usr/lib/mailman/bin/qrunner" rather than executing the
scripts directly. The simple fix is to remove python from the init script.
Anyone else noticing this problem? Any other ideas for a fix?

Thanks,
Chad Sellers

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 03-28-2008, 05:08 AM
Daniel J Walsh
 
Default mailman not confined

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chad Sellers wrote:
> On F8 (as well as RHEL5 from the looks of things), it seems that mailman is
> not actually confined. The policy for it is compiled into the base module,
> but the transition never happens. So, mailmanctl and qrunner run in
> initrc_t. This looks like it is due to the fact that the default init script
> for mailman calls "/usr/bin/python /usr/lib/mailman/bin/mailmanctl" and
> "/usr/bin/python /usr/lib/mailman/bin/qrunner" rather than executing the
> scripts directly. The simple fix is to remove python from the init script.
> Anyone else noticing this problem? Any other ideas for a fix?
>
> Thanks,
> Chad Sellers
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Please open a bugzilla on it.

Looks like it is correct in rawhide


grep MAILMANCTL mailman
MAILMANCTL=$MAILMANHOME/bin/mailmanctl
daemon $MAILMANCTL -s -q start
daemon $MAILMANCTL -q stop
$MAILMANCTL -q -u status
$MAILMANCTL -u status
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfsi04ACgkQrlYvE4MpobMYlgCgr7Dj/QkIGAWgsPGtcB0K3Fe5
Jy4AoMcLbM/5KrXnjIAdX59Qau3TxmY6
=h9NM
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 03-28-2008, 01:46 PM
Chad Sellers
 
Default mailman not confined

On 3/28/08 2:08 AM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chad Sellers wrote:
>> On F8 (as well as RHEL5 from the looks of things), it seems that mailman is
>> not actually confined. The policy for it is compiled into the base module,
>> but the transition never happens. So, mailmanctl and qrunner run in
>> initrc_t. This looks like it is due to the fact that the default init script
>> for mailman calls "/usr/bin/python /usr/lib/mailman/bin/mailmanctl" and
>> "/usr/bin/python /usr/lib/mailman/bin/qrunner" rather than executing the
>> scripts directly. The simple fix is to remove python from the init script.
>> Anyone else noticing this problem? Any other ideas for a fix?
>>
>> Thanks,
>> Chad Sellers
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Please open a bugzilla on it.
>
> Looks like it is correct in rawhide
>
>
> grep MAILMANCTL mailman
> MAILMANCTL=$MAILMANHOME/bin/mailmanctl
> daemon $MAILMANCTL -s -q start
> daemon $MAILMANCTL -q stop
> $MAILMANCTL -q -u status
> $MAILMANCTL -u status

Hmmm, guess I should have checked bugzilla first. Looks like there's already
a resolved bug (#350461) for this, which is why it's resolved in rawhide. I
don't suppose this will get backported to RHEL5 in an update?

Thanks,
Chad

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 03-28-2008, 07:31 PM
Daniel J Walsh
 
Default mailman not confined

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chad Sellers wrote:
> On 3/28/08 2:08 AM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Chad Sellers wrote:
>>> On F8 (as well as RHEL5 from the looks of things), it seems that mailman is
>>> not actually confined. The policy for it is compiled into the base module,
>>> but the transition never happens. So, mailmanctl and qrunner run in
>>> initrc_t. This looks like it is due to the fact that the default init script
>>> for mailman calls "/usr/bin/python /usr/lib/mailman/bin/mailmanctl" and
>>> "/usr/bin/python /usr/lib/mailman/bin/qrunner" rather than executing the
>>> scripts directly. The simple fix is to remove python from the init script.
>>> Anyone else noticing this problem? Any other ideas for a fix?
>>>
>>> Thanks,
>>> Chad Sellers
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>> Please open a bugzilla on it.
>>
>> Looks like it is correct in rawhide
>>
>>
>> grep MAILMANCTL mailman
>> MAILMANCTL=$MAILMANHOME/bin/mailmanctl
>> daemon $MAILMANCTL -s -q start
>> daemon $MAILMANCTL -q stop
>> $MAILMANCTL -q -u status
>> $MAILMANCTL -u status
>
> Hmmm, guess I should have checked bugzilla first. Looks like there's already
> a resolved bug (#350461) for this, which is why it's resolved in rawhide. I
> don't suppose this will get backported to RHEL5 in an update?
>
> Thanks,
> Chad
>
A customer Bugzilla is required to get it backported. So open a
bugzilla and ask.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkftVbAACgkQrlYvE4MpobP+uQCg2nsDEnpKzZ mqSPxV5cBpJ8Aa
A1cAnAige1IaYU9zfSemRkR+QBPv/xBq
=m1xk
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 01:12 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org