[Pkg-mailman-hackers] Bug#980383: mailman3-web: please make ExecStart in the service file call a script for SE Linux labelling

Russell Coker russell at coker.com.au
Mon Jan 18 15:09:24 GMT 2021


Package: mailman3-web
Version: 0+20180916-10
Severity: normal

To run a daemon in a unique domain in SE Linux you need a daemon-specific
label on the program that is run.  If the ExecStart line directly runs a
program that's not daemon specific (e.g. uwsgi, perl, bash, etc) then this
doesn't happen.  The systemctl edit command doesn't allow overwriting the
ExecStart entry, so the only thing to do with the package in its current
form on SE Linux is to change the /lib/systemd/system/mailman3-web.service
file.

If instead you had ExecStart=/usr/sbin/mailman3-web-start or something
similar then I could have the Debian SE Linux policy assign a specific
label to that file and it would get the right context without any
changes being needed.

NB no change is needed for the mailman3 package because /usr/bin/mailman
is a symlink to /usr/lib/mailman3/bin/mailman which is a program that is
specific to mailman.

-- System Information:
Debian Release: 10.7
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-5-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default

Versions of packages mailman3-web depends on:
ii  dbconfig-sqlite3           2.0.17
ii  debconf [debconf-2.0]      1.5.71
ii  init-system-helpers        1.56+nmu1
ii  lsb-base                   11.1.0
ii  python3                    3.9.1-1
ii  python3-django-hyperkitty  1.3.3-1
ii  python3-django-postorius   1.3.3-1
ii  python3-mysqldb            1.4.4-2+b3
ii  python3-whoosh             2.7.4+git6-g9134ad92-5
ii  ucf                        3.0038+nmu1
ii  uwsgi                      2.0.19.1-5
ii  uwsgi-plugin-python3       2.0.19.1-5

Versions of packages mailman3-web recommends:
pn  libapache2-mod-proxy-uwsgi | nginx  <none>

Versions of packages mailman3-web suggests:
ii  mariadb-server-10.5 [virtual-mysql-server]  1:10.5.8-3

-- debconf information excluded
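
The check the report describes, as an added example that is not part of the original message or of the mailman3-web package: it parses a unit file and flags ExecStart entries whose executable is shared by many services and so cannot carry a daemon-specific SE Linux label. The sample units, the uwsgi arguments and the contents of `GENERIC` beyond uwsgi, perl and bash are assumptions constructed for illustration.

```python
import os
import shlex

# Programs shared by many services, so a file label on them cannot single out
# one daemon. uwsgi, perl and bash come from the report; the rest are assumed.
GENERIC = {"uwsgi", "perl", "bash", "sh", "dash", "python3", "env"}

def exec_start_commands(unit_text):
    """Return the effective ExecStart command lines of a unit file."""
    commands, pending = [], ""
    for raw in unit_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):              # trailing backslash continues the line
            pending = line[:-1] + " "
            continue
        pending = ""
        key, _, value = line.partition("=")
        if key.strip() != "ExecStart":       # also skips comments and section headers
            continue
        value = value.strip()
        # systemd treats an empty assignment as a reset of the command list
        commands = commands + [value] if value else []
    return commands

def generic_exec_starts(unit_text):
    """Return (program, command) pairs whose executable is not daemon specific."""
    findings = []
    for command in exec_start_commands(unit_text):
        # Drop systemd's special executable prefixes; symlinks are not resolved.
        program = shlex.split(command)[0].lstrip("-@:+!")
        if os.path.basename(program) in GENERIC:
            findings.append((program, command))
    return findings

# Constructed sample units, not copied from the package.
DIRECT_UNIT = """\
[Service]
ExecStart=/usr/bin/uwsgi --plugin python3 \\
    --ini /etc/mailman3/uwsgi.ini
"""
WRAPPER_UNIT = """\
[Service]
ExecStart=/usr/sbin/mailman3-web-start
"""

if __name__ == "__main__":
    for name, unit in (("direct", DIRECT_UNIT), ("wrapper", WRAPPER_UNIT)):
        print(name, generic_exec_starts(unit))
```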
