[Mailman-Users] cant't create lists within the webinterface
John Dennis
jdennis at redhat.com
Mon Jan 31 17:41:46 CET 2005
On Mon, 2005-01-31 at 11:01 +0100, Markus Darges wrote:
> Hi,
>
> I cant' create a new list within the webinterface. Could someone tell
> mit whether it's a known bug? Even if I change the permission of the
> folder lists to 777 I get the same error.
> My OS is Fedora Core 3. Mailman 2.1.5, Python2.4, Apache2.0.52
First, off I trust you are using Red Hat's mailman rpm for FC3.
There is a possibility you may have run afoul of SELinux, but its very
hard to tell from the information presented. SELinux is a security
enhancement that restricts operations beyond the traditional UNIX
permissions. In FC3 SELinux is enabled by default in what is called
"targeted" mode, meaning SELinux is only used for "targeted"
applications and services because those applications and services are
open to the network and are much more vulnerable to exploit, mailman is
one of the services under SELinux protection. The security policy is
non-trival to author correctly it is possible we may have missed a
corner case. Here are two simple things you can do to determine if
SELinux is responsible for your access problems.
1) Look in /var/log/messages for any lines with "avc" in it, it will
probably read something like "audit avc access denied ..." but I'm going
from memory so don't use the full string I gave you to search for, I'm
almost positive the exact string is slightly different. If the security
policy is denying access it will log it in /var/log/messages and it
should be pretty obvious.
2) Turn off SELinux, run your mailman action again, does the problem go
away? If so, this is a sure sign its a bug in the security policy. To
disable SELinux, su to root and run system-config-securitylevel, you'll
see a dropdown box for SELinux, select the option to disable it.
If this fixes the problem, then make sure you're fully up to date with
the security policy, use your favorite package manager (e.g. yum) to
update this rpm: selinux-policy-targeted. Go back and enable SELinux, do
you still have the problem? If not great, if so then please file a bug
here: https://bugzilla.redhat.com and be sure to include the operation
being performed, the avc error messages from /var/log/messages, and the
rpm versions of mailman and selinux-policy-targeted.
--
John Dennis <jdennis at redhat.com>
More information about the Mailman-Users
mailing list