Bug 1293635 - selinux policy opendkim (centos 6.6 (final))
selinux policy opendkim (centos 6.6 (final))
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
x86_64 Linux
low Severity low
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-12-22 08:45 EST by pizzaisgezond
Modified: 2016-07-19 16:56 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-07-19 16:56:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description pizzaisgezond 2015-12-22 08:45:21 EST
Description of problem:
Selinux prevents sending email with postfix signed by opendkim.

Version-Release number of selected component (if applicable):
EPEL 6.8
Opendkim 2.10.3-1.el6

How reproducible:
Install opendkim on centos and send an email with postfix signed by opendkim.

Steps to Reproduce:

Actual results:
The following error in /var/log/maillog:
dkim_eoh(): resource unavailable: can't create temporary file at /tmp/dkim.C923540087.TKZn3y: Permission denied
with corresponding logs in /var/log/audit/audit.log

Expected results:
A sent email signed with an opendkim signature.

Additional info:
The following additional policy fixes the problem. (We used audit2allow.)

module [name] [version number];

require {
	type tmp_t;
	type dkim_milter_t;
	class dir { write remove_name add_name };
	class file { write create unlink open };

allow dkim_milter_t tmp_t:file { write create unlink open };
Comment 1 Steve Jenkins 2015-12-24 01:04:13 EST
Hi, pizzaigezond. 

As this is an issue with the SELinux policy, rather than a bug with the OpenDKIM package itself, this should be filed as an selinux-policy bug so the team can evaluate and add any necessary policies, if warranted.

I'm changing the product to "Fedora" and the component to "selinux-policy," then resetting the assignee to the default for the component.

I'll remain on the bug CC to track.
Comment 2 pizzaisgezond 2015-12-24 09:33:54 EST
Comment 3 Fedora End Of Life 2016-07-19 16:56:49 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.