Ivan wrote:
- the file /usr/lib/mailman/mail (which your script runs) appears to be
a SGID executable to group mailman which runs other [mailman] programs.
[...]
Ultimately this boils down to postfix_pipe being unable to execute mailman.
However, it isn't even able to invoke the python script. To make that work, does the policy need to allow postfix_pipe_t to run python?
The python script isn't that complicated; I could rewrite it in C if necessary.
I tried my hand at adding mailman rules to postfix.te:
ifdef(`mailman.te', `
domain_auto_trans(postfix_pipe_t, mailman_exec_t, mailman_t)
')
but that doesn't appear to work, possibly because mailman.te defines mailman_$1_t, and I don't have any idea what $1 is.
Thanks, Eric
[and thanks for putting up with my SELinux newbie questions!]