On 11/17/20 8:30 PM, Stephen J. Turnbull wrote:
> Mark Sapiro writes:
>
> > And several years ago (in the 2.1.5 timeframe), RedHat modified their
> > Mailman package to be FHS compliant for the specific purpose of avoiding
> > SELinux security violations.
>
> Is it possible FHS non-conformance
On 11/17/2020 8:30 PM, Stephen J. Turnbull wrote:
Are we FHS conformant? If not, why would it be a bad idea to become
FHS-conformant (aaside from the effort required)?
I don't think so and that would probably break non linux systems (e.g.
xBSD). Might be OK to add FHS as an option to the conf
Mark Sapiro writes:
> And several years ago (in the 2.1.5 timeframe), RedHat modified their
> Mailman package to be FHS compliant for the specific purpose of avoiding
> SELinux security violations.
Is it possible FHS non-conformance is related to the OP's situation?
Are we FHS conformant? If
On 16 Nov 2020, at 2:17, Stephen J. Turnbull wrote:
Bill Cole writes:
On 15 Nov 2020, at 22:18, Stephen J. Turnbull wrote:
I don't see why access to archives would cause a security issue,
Thanks for the reply!
Also FWIW, I'm explaining here why I don't think this is a Mailman
issue. If t
On 11/15/20 9:43 PM, Bill Cole wrote:
>
> 2. On RHEL7 and its derivatives, the default SELinux policy includes a
> module for mailman's executable and data files which *in my experience*
> just works without modification when mailman is installed from an
> official RPM. It's even documented, if th
For general info, here is CentOS’s SELinux HowTo:
https://wiki.centos.org/HowTos/SELinux
Another good introduction:
https://www.digitalocean.com/community/tutorial_series/an-introduction-to-selinux-on-centos-7
Or you can just turn it off and trust the firewall if this is the only thing
the ser
Bill Cole writes:
> On 15 Nov 2020, at 22:18, Stephen J. Turnbull wrote:
> > I don't see why access to archives would cause a security issue,
Thanks for the reply!
Also FWIW, I'm explaining here why I don't think this is a Mailman
issue. If there is a vulnerability in our distribution, and th
On 15 Nov 2020, at 22:18, Stephen J. Turnbull wrote:
I don't
see why access to archives would cause a security issue,
FWIW:
1. SELinux doesn't know about specific security issues, it assumes that
nothing is safe unless explicitly allowed.
2. On RHEL7 and its derivatives, the default SELinu
Mark Sapiro writes:
> On 11/15/20 8:01 AM, Onyeibo Oku wrote:
> > Why am I getting AVC denials {map} associated with list archives?
> > Any ideas on how I should stabilize this?
We don't have a lot of SELinux experience here. For example, I myself
have no clue what "AVC denials {map}" means (
On 11/15/20 8:01 AM, Onyeibo Oku wrote:
> Hello everyone,
>
> I am observing increased CPU(%) usage whenever a Mailman User Service
> runs. The journal tells me that SELinux is preventing httpd from map
> access on the
> file /var/lib/mailman/archives/private///.html. A
> setroubleshoot service fo
10 matches
Mail list logo