[EMAIL PROTECTED] wrote:
> By disabling SELinux altogether it worked.

If you don't want to keep SELinux disabled, it should be possible to make mailman work without too much trouble. I do know that the Red Hat packages install mailman in locations that are more FHS compliant to help ease the writing of the SELinux policy. If you're installing mailman from source, it might be a little messier.

FWIW, I installed mailman from the packages provided as part of CentOS 5 and did a little light testing. I had to create a small SELinux policy module to allow mailman to be able to play nicely with postfix and have the web interface be able to create lists. The audit2allow tool made this fairly trivial (easier than the manual steps I'll list below to recreate the SELinux module, in fact :).

So, the policy that was generated via audit2allow is:

module mailmanpostfix 1.0;

require {
        type mailman_mail_t;
        type mailman_archive_t;
        type postfix_etc_t;
        type mailman_cgi_t;
        class file { read getattr };
        class dir search;
}

#============= mailman_cgi_t ==============
allow mailman_cgi_t postfix_etc_t:dir search;
allow mailman_cgi_t postfix_etc_t:file { read getattr };

#============= mailman_mail_t ==============
allow mailman_mail_t mailman_archive_t:dir search;

If you put that into a file, say mailmanpostfix.te, you can compile it into a module and load it with just a few commands (all taken from the audit2allow manpage):

# Compile the module
$ checkmodule -M -m -o mailmanpostfix.mod mailmanpostfix.te
# Create the package
$ semodule_package -o mailmanpostfix.pp -m mailmanpostfix.mod
# Load the module into the kernel
$ semodule -i mailmanpostfix.pp

Now, I don't claim to be enough of an SELinux guru to know whether some of the generated policy could be tightened up, but I don't think any of it looks egregiously incorrect. It's also quite likely to be more secure than disabling SELinux entirely. ;)

On another note, you also said that you needed to be root to make genaliases work. Is that perhaps because the permissions and ownership on the aliases* files are not correct? The mailman install manual details the proper permission and ownership commands you should run:

http://www.gnu.org/software/mailman/mailman-install/node13.html

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The best leaders inspire by example. When that's not an option, brute
intimidation works pretty well, too.
    -- Demotivators (www.despair.com)
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
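
An added example, not part of the original message and not audit2allow's own code: a small Python sketch of the mapping audit2allow performs, turning AVC denial records into allow rules so each rule can be reviewed against the denial that produced it before the module is loaded. The log lines are constructed to correspond to the policy in the message above, and the WRITE_LIKE review list is an assumption of this example.

```python
import re
from collections import defaultdict

# Pull permissions, source/target contexts and object class from an AVC denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)
# Assumption of this example: permissions worth a second look before allowing.
WRITE_LIKE = {"write", "append", "create", "unlink", "rename", "setattr", "execute"}

# Constructed sample audit records (not taken from the original message).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1190000001.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="create"
type=AVC msg=audit(1190000001.101:41): avc:  denied  { search } for  pid=2301 comm="create" name="postfix" dev=dm-0 ino=1001 scontext=system_u:system_r:mailman_cgi_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=dir
type=AVC msg=audit(1190000002.202:42): avc:  denied  { read } for  pid=2301 comm="create" name="main.cf" dev=dm-0 ino=1002 scontext=system_u:system_r:mailman_cgi_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=AVC msg=audit(1190000003.303:43): avc:  denied  { getattr } for  pid=2301 comm="create" name="main.cf" dev=dm-0 ino=1002 scontext=system_u:system_r:mailman_cgi_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=AVC msg=audit(1190000004.404:44): avc:  denied  { search } for  pid=2410 comm="mailman" name="archives" dev=dm-0 ino=2001 scontext=system_u:system_r:mailman_mail_t:s0 tcontext=system_u:object_r:mailman_archive_t:s0 tclass=dir
"""

def selinux_type(context):
    # A context is user:role:type[:level]; policy rules are written on the type.
    return context.split(":")[2]

def collect_rules(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (e.g. SYSCALL) are skipped
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def render(rules):
    """Render the grouped denials as .te allow statements, sorted for diffing."""
    out = []
    for (src, tgt, tclass), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{tclass} {perm_txt};")
    return out

def needs_review(rules):
    """Return rule keys that would grant any write-like permission."""
    return sorted(k for k, p in rules.items() if p & WRITE_LIKE)

if __name__ == "__main__":
    print("\n".join(render(collect_rules(SAMPLE_LOG))))
```

For the constructed log, needs_review() returns an empty list, matching the read-only nature of the three rules in the message.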