[Pkg-mailman-hackers] Bug#980383: mailman3-web: please make ExecStart in the service file call a script for SE Linux labelling
    Russell Coker 
    russell at coker.com.au
       
    Mon Jan 18 15:09:24 GMT 2021
    
    
  
Package: mailman3-web
Version: 0+20180916-10
Severity: normal
To run a daemon in a unique domain in SE Linux you need a daemon-specific
label on the program that is run.  If the ExecStart line directly runs a
program that's not daemon specific (EG uwsgi, perl, bash, etc) then this
doesn't happen.  The systemctl edit command doesn't allow overwriting the
ExecStart entry, so the only thing to do with the package in it's current
form on SE Linux is to change the /lib/systemd/system/mailman3-web.service
file.
If instead you had ExecStart=/usr/sbin/mailman3-web-start or something
similar then I could have the Debian SE Linux policy assign a specific
label to that file and it would get the right context without any
changes being needed.
NB no change is needed for the mailman3 package because /usr/bin/mailman
is a symlink to /usr/lib/mailman3/bin/mailman which is a program that is
specific to mailman.
-- System Information:
Debian Release: 10.7
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.9.0-5-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default
Versions of packages mailman3-web depends on:
ii  dbconfig-sqlite3           2.0.17
ii  debconf [debconf-2.0]      1.5.71
ii  init-system-helpers        1.56+nmu1
ii  lsb-base                   11.1.0
ii  python3                    3.9.1-1
ii  python3-django-hyperkitty  1.3.3-1
ii  python3-django-postorius   1.3.3-1
ii  python3-mysqldb            1.4.4-2+b3
ii  python3-whoosh             2.7.4+git6-g9134ad92-5
ii  ucf                        3.0038+nmu1
ii  uwsgi                      2.0.19.1-5
ii  uwsgi-plugin-python3       2.0.19.1-5
Versions of packages mailman3-web recommends:
pn  libapache2-mod-proxy-uwsgi | nginx  <none>
Versions of packages mailman3-web suggests:
ii  mariadb-server-10.5 [virtual-mysql-server]  1:10.5.8-3
-- debconf information excluded
    
    
More information about the Pkg-mailman-hackers
mailing list