On 13/10/10 1:44 AM, Ben McGinnes wrote: > Hello, > Does anyone have a sample SELinux policy for dkim-milter? > > I'm using the configuration from this page: > > http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3 > > Along with the latest RPM from the link on that page. Okay, my solution was this: module dkimlocal 1.0; require { type postfix_smtpd_t; type postfix_cleanup_t; class tcp_socket { read write }; } #============= postfix_cleanup_t ============== allow postfix_cleanup_t postfix_smtpd_t:tcp_socket { read write }; #EOF Which was generated from the audit.log. Simply trying to load it with "semodule -i dkimlocal.te" failed (magic number error), but doing the following fixed it: make -f /usr/share/selinux/devel/Makefile semodule -i dkimlocal.pp Special thanks go to Dan Walsh at Red Hat for lending a hand here. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT Consultant Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x371AC5BFA04AE313 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20101013/4d014bd2/attachment-0004.sig>