Package: selinux-policy-default
Version: 2:2.20140206-1
Severity: normal

mailman's qrunner and friends aren't being properly labelled and so aren't
transitioning properly on startup:

system_u:system_r:initrc_t:s0    3523 ?        S      0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
system_u:system_r:initrc_t:s0    3524 ?        S      0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
system_u:system_r:initrc_t:s0    3525 ?        S      0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
system_u:system_r:initrc_t:s0    3526 ?        S      0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
system_u:system_r:initrc_t:s0    3527 ?        S      0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
system_u:system_r:initrc_t:s0    3528 ?        S      0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
system_u:system_r:initrc_t:s0    3529 ?        S      0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
system_u:system_r:initrc_t:s0    3530 ?        S      0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s

These are actually started via /usr/lib/mailman/bin/mailmanctl.  FC rules say
to label that as mailman_mail_exec_t and qrunner as mailman_queue_exec_t, but
neither is labelled that way with the mailman module 1.10.0 installed:

-rwxr-xr-x. 1 root list system_u:object_r:bin_t:SystemLow 21412 Feb  3 05:30 /usr/lib/mailman/bin/mailmanctl
-rwxr-xr-x. 1 root list system_u:object_r:bin_t:SystemLow  9612 Feb  3 05:30 /usr/lib/mailman/bin/qrunner

The reason may be that they're losing a specificity contest with a conflicting 
FC rule; if the .* is removed from the path in the .fc for those files, it gets 
labelled correctly:

/usr/lib/mailman.*/bin/qrunner  --      gen_context(system_u:object_r:mailman_queue_exec_t,s0)


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-9
ii  libselinux1      2.2.2-1
ii  libsepol1        2.2-1
ii  policycoreutils  2.2.5-1
ii  python           2.7.5-5
ii  selinux-utils    2.2.2-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.2-1
ii  setools      3.3.8-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information
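
The specificity contest suspected in the report can be modelled offline. The following is an added example, not part of the original report or of the policy's own code: it assumes the ordering heuristics of refpolicy's fc_sort (a regex spec ranks below a literal one, then the longer literal stem wins, then the longer pattern, then an explicit file type), and the competing bin_t rule is constructed for illustration, since the report does not name the real one.

```python
import re
from functools import cmp_to_key

META = set(".^$?*+|[({")  # characters that make a spec a regex

def spec_stats(path):
    """(has_meta, stem_len, str_len); stem = literal prefix before first metachar."""
    meta, stem_len, str_len, i = False, 0, 0, 0
    while i < len(path):
        if path[i] in META:
            meta = True
        else:
            if path[i] == "\\":
                i += 1          # an escaped character counts as one literal
            if not meta:
                stem_len += 1
        str_len += 1
        i += 1
    return meta, stem_len, str_len

def fc_compare(a, b):
    """Negative when spec a is less specific than spec b (assumed ordering)."""
    (am, astem, alen), (bm, bstem, blen) = spec_stats(a[0]), spec_stats(b[0])
    if am != bm:
        return -1 if am else 1             # regex loses to a literal path
    if astem != bstem:
        return -1 if astem < bstem else 1  # shorter literal stem loses
    if alen != blen:
        return -1 if alen < blen else 1    # shorter pattern loses
    if bool(a[1]) != bool(b[1]):
        return -1 if not a[1] else 1       # no file-type field loses
    return 0

def label_for(specs, path):
    """Type of the most specific spec matching a regular file at path."""
    for regex, _ftype, ctx in reversed(sorted(specs, key=cmp_to_key(fc_compare))):
        if re.fullmatch(regex, path):
            return ctx
    return None

# Constructed competing rule (hypothetical; the report does not name the real one).
COMPETING = ("/usr/lib/mailman/bin(/.*)?", "", "bin_t")
AS_SHIPPED = ("/usr/lib/mailman.*/bin/qrunner", "--", "mailman_queue_exec_t")
WITHOUT_WILDCARD = ("/usr/lib/mailman/bin/qrunner", "--", "mailman_queue_exec_t")
QRUNNER = "/usr/lib/mailman/bin/qrunner"

if __name__ == "__main__":
    print(label_for([COMPETING, AS_SHIPPED], QRUNNER))        # wildcard spec loses
    print(label_for([COMPETING, WITHOUT_WILDCARD], QRUNNER))  # literal spec wins
```

On a live system, `matchpathcon /usr/lib/mailman/bin/qrunner` reports the label the loaded file contexts would assign, which can be compared with the `ls -Z` output above.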

