On 13/10/10 1:44 AM, Ben McGinnes wrote:> Hello,
> Does anyone have a sample SELinux policy for dkim-milter?
>
> I'm using the configuration from this page:
>
>
http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3
>
> Along with the latest RPM from the link on that page.
Okay, my solution was this:
module dkimlocal 1.0;
require {
type postfix_smtpd_t;
type postfix_cleanup_t;
class tcp_socket { read write };
}
#============= postfix_cleanup_t =============allow postfix_cleanup_t
postfix_smtpd_t:tcp_socket { read write };
#EOF
Which was generated from the audit.log. Simply trying to load it with
"semodule -i dkimlocal.te" failed (magic number error), but doing the
following fixed it:
make -f /usr/share/selinux/devel/Makefile
semodule -i dkimlocal.pp
Special thanks go to Dan Walsh at Red Hat for lending a hand here.
Regards,
Ben
--
Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x371AC5BFA04AE313
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20101013/4d014bd2/attachment-0002.sig>