Bug 536666

Summary:	Mailman policy does not properly assign attribute, file contexts are incorrect
Product:	Gentoo Linux	Reporter:	Dan O. <dan>
Component:	SELinux	Assignee:	Sven Vermeulen (RETIRED) <swift>
Status:	RESOLVED FIXED
Severity:	normal	CC:	selinux
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	sec-policy r4
Package list:		Runtime testing required:	---
Attachments:	Proposed policy fix

Description Dan O. 2015-01-15 02:41:12 UTC

The mailman policy in contrib does not have the correct paths in the filecontexts file. When creating the types, the policy does not assign them to the mailman_domain attribute leading to the different types not receiving the permissions they need.

Reproducible: Always

Comment 1 Dan O. 2015-01-15 02:42:16 UTC

Created attachment 393996 [details, diff]
Proposed policy fix

This is my proposed fix, I'm not entirely sure about the file contexts, but they seem to work, and now the mailman_domain attribute is assigned where it should be.

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev

2015-02-15 17:52:04 UTC

Looks like upstream commit 7b53a1b7999ba245e8712ad9241e49542ce58b14 made this change, which breaks because there is a declaration for /usr/lib/mailman/bin(/.*)? in corecommands.fc which now takes precendence.

Going to add it in a distro_gentoo wrapper for now

Comment 3 Sven Vermeulen (RETIRED) gentoo-dev

2015-02-15 18:09:21 UTC

Changes are in our live repository and will be in the policy release r4

Comment 4 Sven Vermeulen (RETIRED) gentoo-dev

2015-03-22 13:51:46 UTC

Now in repo, ~arch

Comment 5 Sven Vermeulen (RETIRED) gentoo-dev

2015-04-16 19:18:07 UTC

r4 is stable