Please take our Survey
logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

Re: mailman cgi-bin denied search: msg#00088

Subject: Re: mailman cgi-bin denied search 
On Wed, Oct 19, 2005 at 10:31:36PM -0400, Daniel J Walsh wrote:
> Tim Fenn wrote:
> >On Wed, Oct 19, 2005 at 09:57:07AM -0400, Daniel J Walsh wrote:
> >  
> >>Tim Fenn wrote:
> >>    
> >>>I recently installed mailman on my FC3 box (using the redhat based
> >>>RPMs), and it seems to be working just fine, except for the numerous
> >>>avc messages it cranks out whenever I run one of the cgi scripts
> >>>associated with mailman (e.g. via the web interface):
> >>>
> >>>Oct 19 00:34:21 agora kernel: audit(1129707261.236:212): avc:  denied
> >>>{ search } for  pid=18761 comm="listinfo" name="run" dev=sda1
> >>>ino=1294372 scontext=root:system_r:mailman_cgi_t tcontext=system_
> >>>u:object_r:var_run_t tclass=dir
> >>>
> >>>      
> >>Why would mailman listinfo be searching /var/log directory?
> >>
> >>    
> >
> >Well, I get the same errors with mailmanctl:
> >
> >./mailmanctl status
> >
> >yields no output, and the following errors:
> >Oct 19 13:22:39 agora kernel: audit(1129753359.647:314): avc:  denied
> >{ read write } for  pid=20837 comm="mailmanctl" name="3" dev=devpts
> >ino=5 scontext=root:system_r:mailman_mail_t
> >tcontext=root:object_r:devpts_t tclass=chr_file
> >Oct 19 13:22:39 agora kernel: audit(1129753359.694:318): avc:  denied
> >{ search } for  pid=20837 comm="mailmanctl" name="run" dev=sda1
> >ino=1294372 scontext=root:system_r:mailman_mail_t
> >tcontext=system_u:object_r:var_run_t tclass=dir
> >Oct 19 13:22:39 agora kernel: audit(1129753359.802:322): avc:  denied
> >{ setgid } for  pid=20837 comm="mailmanctl" capability=6
> >scontext=root:system_r:mailman_mail_t
> >tcontext=root:system_r:mailman_mail_t tclass=capability
> >
> >However, if I comment out:
> >
> >from Mailman.Logging.Syslog import syslog
> >
> >in the mailmanctl script, all is well:
> >
> ># ./mailmanctl status
> >mailman (pid 17677) is running...
> >
> >and no error messages.  I would assume the same is true with the
> >cgi-bin scripts, such as listinfo.  Should I file a bugzilla report?
> >
> >Regards,
> >Tim
> >  
> Yes.  submit a bug.   Although generating these in FC4 would be far more 
> interesting.  Also do these AVC messages cause problems or are they just 
> being reported.  No output from the script is fixed in FC4.
> 

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171265

I tested mailman on a FC4 machine, no problems.  Seemed to work as
expected - no errors.

The AVC messages don't prevent mailman from working - I can make lists
and so forth (although some scripts, like mailmanctl, don't work),
but I haven't done extensive testing...

Hope this helps,
Tim
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Preserving Context with tar, Daniel J Walsh
Next by Date:  Re: Preserving Context with tar, Stephen Smalley
Previous by Thread:  Re: mailman cgi-bin denied search, Daniel J Walsh
Next by Thread:  Preserving Context with tar, W. Scott wilburn
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
qnx.openqnx.dev...    gcc.libstdc++.c...    solaris.opensol...    information-ret...    misc.misterhous...    web.catalyst.ge...    apache.webservi...    redhat.release....    hardware.lirc/2...    kernel.autofs/2...    technology.sust...    linux.vdr/2003-...    editors.lyx.gen...    org.user-groups...    netbsd.devel.pk...    xdg.devel/2004-...    version-control...    jakarta.slide.d...    debian.packages...    creativecommons...    ports.ppc.embed...    bug-tracking.bu...   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe