On Sun, 2004-11-21 at 15:43, Nathan Fiedler wrote: > It turns out the problem was simple and so was the solution. When > importing my existing list data and archives from another machine, I did > not know to update the selinux context labels appropriately. Thus, the > kernel was unable to determine if the apache user was allowed to access > the files. Normally it should be, but without the labels it wouldn't > succeed. > > To correct the labels, I ran both of these commands as root: > > # fixfiles relabel > # restorecon -Rv /var/lib/mailman
I'm glad you got this problem fixed. I'm also relieved it was not a bug in the security policy after all, we did try pretty hard to make sure the policy shipped without problems but our testing centered around new installations and didn't take into account copying in foreign files. This sounds like something that needs documentation. restorecon is the right tool to relabel files to their defaults in specific directories. fixfiles would have relabeled the entire system and is not generally recommended. It may have helped if you had been the user mailman when you copied the files as opposed to root, but there are many issues that impinge. Was the operation a move or a copy? Did destination file previously exist? Would you have had permission as mailman to read the files? etc. Rather than enumeration all the possible considerations when dealing with files and directories under the protection of SELinux the most expedient path is to copy the files and relabel the files using restorecon, just as you did. -- John Dennis <[EMAIL PROTECTED]> ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
