Merge lp:~abompard/mailman/selinux into lp:mailman

Proposed by Aurélien Bompard on 2014-07-01
Status: Needs review
Proposed branch: lp:~abompard/mailman/selinux
Merge into: lp:mailman
Diff against target: 45 lines (+19/-0)
4 files modified
selinux/Makefile (+13/-0)
selinux/mailman3.fc (+1/-0)
selinux/mailman3.te (+1/-0)
src/mailman/docs/START.rst (+4/-0)
To merge this branch: bzr merge lp:~abompard/mailman/selinux
Reviewer Review Type Date Requested Status
Barry Warsaw 2014-07-01 Needs Information on 2015-05-08
Review via email: mp+225120@code.launchpad.net

Description of the change

This change introduces SELinux support, as discussed on the mailing list. It's very simple: it labels the generated mailserver files as etc_mail_t to allow Postfix or Exim to read them.
It assumes an FHS-compliant installation where the mailman var directory is in /var/lib/mailman (as in the mailman.cfg file) or in /var/lib/mailman3 (where it will be separated from an existing mailman2 install).

Barry Warsaw (barry) wrote :

Just a question. It would be good to get a second opinion from someone who knows more about SELinux.

review: Needs Information

Unmerged revisions

7253. By Aurélien Bompard on 2014-07-01

Support installation in /var/lib/mailman

7252. By Aurélien Bompard on 2014-07-01

Add SELinux support

Preview Diff

1=== added directory 'selinux'
2=== added file 'selinux/Makefile'
3--- selinux/Makefile 1970-01-01 00:00:00 +0000
4+++ selinux/Makefile 2014-07-01 08:33:31 +0000
5@@ -0,0 +1,13 @@
6+include /usr/share/selinux/devel/Makefile
7+
8+
9+install_module: $(addprefix $(SHAREDIR)/$(NAME)/,$(all_packages))
10+$(SHAREDIR)/$(NAME)/%.pp: %.pp
11+ install -D -p -m 644 $^ $@
12+
13+restore:
14+ [ -d /var/lib/mailman3 ] && restorecon -R /var/lib/mailman3
15+
16+install: install_module load restore
17+
18+.PHONY = install_module restore install
19
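Review bot: The `restore` recipe fails the whole `install` target when /var/lib/mailman3 does not exist, because `[ -d /var/lib/mailman3 ] && restorecon ...` exits non-zero when the test is false and make treats that as an error. That is exactly the /var/lib/mailman layout that revision 7253 and the `3?` in mailman3.fc are meant to support, and that directory is never relabeled either. Suggest looping over both paths with `if [ -d "$$d" ]; then restorecon -R "$$d"; fi`. Separately, the last line `.PHONY = install_module restore install` assigns a variable named .PHONY rather than declaring phony targets; it needs a colon: `.PHONY: install_module restore install`.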
20=== added file 'selinux/mailman3.fc'
21--- selinux/mailman3.fc 1970-01-01 00:00:00 +0000
22+++ selinux/mailman3.fc 2014-07-01 08:33:31 +0000
23@@ -0,0 +1,1 @@
24+/var/lib/mailman3?/data(/.*)? gen_context(system_u:object_r:etc_mail_t,s0)
25
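Review bot: The pattern `/var/lib/mailman3?/data(/.*)?` is broader than the stated goal of labeling the generated mailserver files: it puts etc_mail_t on the data directory and on everything beneath it, so any other file Mailman keeps there becomes readable by whatever domains may read etc_mail_t. The optional `3?` also makes the rule apply to /var/lib/mailman/data, which the description identifies as the location an existing mailman2 install may be using. Suggest listing the specific generated files (or a dedicated subdirectory) instead of the whole tree, and stating in a comment in this file which MTA-facing files the rule is meant to cover.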
26=== added file 'selinux/mailman3.te'
27--- selinux/mailman3.te 1970-01-01 00:00:00 +0000
28+++ selinux/mailman3.te 2014-07-01 08:33:31 +0000
29@@ -0,0 +1,1 @@
30+policy_module(mailman3, 1.5)
31
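Review bot: The module consists of the single `policy_module(mailman3, 1.5)` line, with no comment saying that it exists only to carry the file contexts in mailman3.fc, and the version 1.5 is unexplained for a newly added file. Suggest adding a short header comment on the module's purpose, starting the version at a value that reflects a first release, and considering a `gen_require` for `etc_mail_t` so that the dependency on that type is explicit in the module itself.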
32=== modified file 'src/mailman/docs/START.rst'
33--- src/mailman/docs/START.rst 2014-04-15 14:34:04 +0000
34+++ src/mailman/docs/START.rst 2014-07-01 08:33:31 +0000
35@@ -192,6 +192,10 @@
36 ``bin/mailman start`` to start the runner subprocess daemons, and of course
37 ``bin/mailman stop`` to stop them.
38
39+If you use SELinux on your server, you will want to run
40+``make -C selinux install`` to install the policy module which will set the
41+proper label on Mailman's files.
42+
43 Postorius, a web UI for administration and subscriber settings, is being
44 developed as a separate, Django-based project. For now, the most flexible
45 means of configuration is via the command line and REST API.
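Review bot: The added paragraph at lines 39-41 gives the command but none of its preconditions. The Makefile includes /usr/share/selinux/devel/Makefile, so the SELinux policy development files must be installed first, and the `install` target writes the module, loads it and runs `restorecon`, which needs to be done as an administrator. The text should also say that the policy assumes the var directory is /var/lib/mailman or /var/lib/mailman3, and that only the data directory is labeled, so "the proper label on Mailman's files" could be narrowed to say which files and which label (etc_mail_t).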