[CentOS] SELinux policy for dkim-milter

Tue Oct 12 17:59:53 UTC 2010
Ben McGinnes <ben at adversary.org>

On 13/10/10 1:44 AM, Ben McGinnes wrote:
> Hello,
> 	Does anyone have a sample SELinux policy for dkim-milter?
> I'm using the configuration from this page:
> http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3
> Along with the latest RPM from the link on that page.

Okay, my solution was this:

module dkimlocal 1.0;

require {
	type postfix_smtpd_t;
	type postfix_cleanup_t;
	class tcp_socket { read write };

#============= postfix_cleanup_t ==============
allow postfix_cleanup_t postfix_smtpd_t:tcp_socket { read write };

Which was generated from the audit.log.  Simply trying to load it with
"semodule -i dkimlocal.te" failed (magic number error), but doing the
following fixed it:

make -f /usr/share/selinux/devel/Makefile
semodule -i dkimlocal.pp

Special thanks go to Dan Walsh at Red Hat for lending a hand here.


Ben McGinnes  http://www.adversary.org/  Twitter: benmcginnes
    Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20101013/4d014bd2/attachment-0004.sig>