Merge lp:~abompard/mailman/selinux into lp:mailman

Proposed by Aurélien Bompard
Status: Needs review
Proposed branch: lp:~abompard/mailman/selinux
Merge into: lp:mailman
Diff against target: 45 lines (+19/-0)
4 files modified
selinux/Makefile (+13/-0)
selinux/mailman3.fc (+1/-0)
selinux/mailman3.te (+1/-0)
src/mailman/docs/START.rst (+4/-0)
To merge this branch: bzr merge lp:~abompard/mailman/selinux
Reviewer: Barry Warsaw (status: Needs Information)
Review via email: mp+225120@code.launchpad.net

Description of the change

This change introduces SELinux support, as discussed on the mailing-list. It's very simple: it labels the generated mailserver files as etc_mail_t to allow Postfix or Exim to read them.
It assumes an FHS-compliant installation where the mailman var directory is in /var/lib/mailman (as in the mailman.cfg file) or in /var/lib/mailman3 (where it will be separated from an existing mailman2 install).

Barry Warsaw (barry) wrote:

Just a question. It would be good to get a second opinion from someone who knows more about SELinux.

review: Needs Information

Unmerged revisions

7253. By Aurélien Bompard

Support installation in /var/lib/mailman

7252. By Aurélien Bompard

Add SELinux support

Preview Diff

=== added directory 'selinux'
=== added file 'selinux/Makefile'
--- selinux/Makefile 1970-01-01 00:00:00 +0000
+++ selinux/Makefile 2014-07-01 08:33:31 +0000
@@ -0,0 +1,13 @@
1include /usr/share/selinux/devel/Makefile
2
3
4install_module: $(addprefix $(SHAREDIR)/$(NAME)/,$(all_packages))
5$(SHAREDIR)/$(NAME)/%.pp: %.pp
6 install -D -p -m 644 $^ $@
7
8restore:
9 [ -d /var/lib/mailman3 ] && restorecon -R /var/lib/mailman3
10
11install: install_module load restore
12
13.PHONY = install_module restore install
014
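Review bot: In the `restore` target, `[ -d /var/lib/mailman3 ] && restorecon -R /var/lib/mailman3` exits non-zero when that directory is absent, so `make install` fails on the /var/lib/mailman layout that mailman3.fc also matches, and that directory is never relabeled. Suggest handling both paths with an `if [ -d ... ]; then restorecon -R ...; fi` form so a missing directory is not an error. Separately, `.PHONY = install_module restore install` assigns a variable named .PHONY instead of declaring phony targets; it should read `.PHONY: install_module restore install`.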
=== added file 'selinux/mailman3.fc'
--- selinux/mailman3.fc 1970-01-01 00:00:00 +0000
+++ selinux/mailman3.fc 2014-07-01 08:33:31 +0000
@@ -0,0 +1,1 @@
1/var/lib/mailman3?/data(/.*)? gen_context(system_u:object_r:etc_mail_t,s0)
02
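Review bot: The optional `3` in `/var/lib/mailman3?/data(/.*)?` makes this entry also cover /var/lib/mailman/data, and the description says a host may carry an existing mailman2 install, so please confirm the entry cannot relabel a Mailman 2 data directory. The pattern also assigns etc_mail_t to everything under data/, while the stated goal is only that Postfix or Exim can read the generated mailserver files; narrowing the regex to those files would keep the label change as small as the description implies.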
=== added file 'selinux/mailman3.te'
--- selinux/mailman3.te 1970-01-01 00:00:00 +0000
+++ selinux/mailman3.te 2014-07-01 08:33:31 +0000
@@ -0,0 +1,1 @@
1policy_module(mailman3, 1.5)
02
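Review bot: `policy_module(mailman3, 1.5)` gives a newly added module version 1.5, and the file carries no comment explaining that it declares no types or rules and exists only so the file context in mailman3.fc can be loaded. Suggest using an initial version number (or stating why 1.5 was chosen) and adding a short header comment that says what the module is for and that etc_mail_t comes from the base policy.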
=== modified file 'src/mailman/docs/START.rst'
--- src/mailman/docs/START.rst 2014-04-15 14:34:04 +0000
+++ src/mailman/docs/START.rst 2014-07-01 08:33:31 +0000
@@ -192,6 +192,10 @@
192``bin/mailman start`` to start the runner subprocess daemons, and of course192``bin/mailman start`` to start the runner subprocess daemons, and of course
193``bin/mailman stop`` to stop them.193``bin/mailman stop`` to stop them.
194194
195If you use SELinux on your server, you will want to run
196``make -C selinux install`` to install the policy module which will set the
197proper label on Mailman's files.
198
195Postorius, a web UI for administration and subscriber settings, is being199Postorius, a web UI for administration and subscriber settings, is being
196developed as a separate, Django-based project. For now, the most flexible200developed as a separate, Django-based project. For now, the most flexible
197means of configuration is via the command line and REST API.201means of configuration is via the command line and REST API.
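Review bot: The added paragraph tells the reader to run `make -C selinux install` without stating its prerequisites. The Makefile includes /usr/share/selinux/devel/Makefile and calls restorecon, so the text should say that the SELinux policy development files must be installed and that the command must be run as root. It should also state the path assumption from the description (var directory in /var/lib/mailman or /var/lib/mailman3), since files in other layouts will not be labeled.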