I'm running a hardened Gentoo server with TPE (trusted path execution) enabled. When trying to follow the mailman post-install instructions at /usr/share/doc/mailman-2.1.14/README.gentoo.bz2, the following fails: $ bin/mmsitepass -su: bin/mmsitepass: /usr/bin/python: bad interpreter: Permission denied dmesg reports the following: grsec: From 10.12.0.31: denied untrusted exec of /usr/lib64/mailman/bin/mmsitepass by /bin/bash[bash:26493] uid/euid:280/280 gid/egid:280/280, parent /bin/bash[bash:18627] uid/euid:280/280 gid/egid:280/280 I'm guessing the rest of the mailman installation also has these problems. Disabling TPE (globally or for mailman) is a workaround for the bin/mmsitepass failure. However, security-wise it's not a good option. The mailman binaries should be owned and writeable only by root. Please make net-mail/mailman install itself in a completely TPE-independent manner.
The problem is a known mailman problem. Mailman ships with two scripts to fix these: /usr/lib64/mailman/bin/check_perms and /usr/lib64/mailman/bin/check_perms_grsecurity.py You need to run: /usr/lib64/mailman/bin/check_perms -f /usr/lib64/mailman/bin/check_perms_grsecurity.py -f There is a bug in check_perms_grsecurity.py however. Filing a bug report for it know.
https://bugs.gentoo.org/show_bug.cgi?id=505982
Doubly-obsolete: We don't have mailman2 any more and don't support grsec any longer, which is now proprietary.