Package: mailman3-web Version: 0+20180916-10 Severity: normal To run a daemon in a unique domain in SE Linux you need a daemon-specific label on the program that is run. If the ExecStart line directly runs a program that's not daemon specific (EG uwsgi, perl, bash, etc) then this doesn't happen. The systemctl edit command doesn't allow overwriting the ExecStart entry, so the only thing to do with the package in it's current form on SE Linux is to change the /lib/systemd/system/mailman3-web.service file.
If instead you had ExecStart=/usr/sbin/mailman3-web-start or something similar then I could have the Debian SE Linux policy assign a specific label to that file and it would get the right context without any changes being needed. NB no change is needed for the mailman3 package because /usr/bin/mailman is a symlink to /usr/lib/mailman3/bin/mailman which is a program that is specific to mailman. -- System Information: Debian Release: 10.7 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.9.0-5-amd64 (SMP w/3 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Enforcing - Policy name: default Versions of packages mailman3-web depends on: ii dbconfig-sqlite3 2.0.17 ii debconf [debconf-2.0] 1.5.71 ii init-system-helpers 1.56+nmu1 ii lsb-base 11.1.0 ii python3 3.9.1-1 ii python3-django-hyperkitty 1.3.3-1 ii python3-django-postorius 1.3.3-1 ii python3-mysqldb 1.4.4-2+b3 ii python3-whoosh 2.7.4+git6-g9134ad92-5 ii ucf 3.0038+nmu1 ii uwsgi 2.0.19.1-5 ii uwsgi-plugin-python3 2.0.19.1-5 Versions of packages mailman3-web recommends: pn libapache2-mod-proxy-uwsgi | nginx <none> Versions of packages mailman3-web suggests: ii mariadb-server-10.5 [virtual-mysql-server] 1:10.5.8-3 -- debconf information excluded
