Bug 1293635 - selinux policy opendkim (centos 6.6 (final))
Summary: selinux policy opendkim (centos 6.6 (final))
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 22
Hardware: x86_64
OS: Linux
low
low
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-12-22 13:45 UTC by pizzaisgezond
Modified: 2016-07-19 20:56 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-07-19 20:56:49 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description pizzaisgezond 2015-12-22 13:45:21 UTC
Description of problem:
Selinux prevents sending email with postfix signed by opendkim.

Version-Release number of selected component (if applicable):
EPEL 6.8
Opendkim 2.10.3-1.el6

How reproducible:
Install opendkim on centos and send an email with postfix signed by opendkim.


Steps to Reproduce:
1.
2.
3.

Actual results:
The following error in /var/log/maillog:
dkim_eoh(): resource unavailable: can't create temporary file at /tmp/dkim.C923540087.TKZn3y: Permission denied
with corresponding logs in /var/log/audit/audit.log

Expected results:
A sent email signed with an opendkim signature.

Additional info:
The following additional policy fixes the problem. (We used audit2allow.)

module [name] [version number];

require {
	type tmp_t;
	type dkim_milter_t;
	class dir { write remove_name add_name };
	class file { write create unlink open };
}

allow dkim_milter_t tmp_t:file { write create unlink open };

Comment 1 Steve Jenkins 2015-12-24 06:04:13 UTC
Hi, pizzaigezond. 

As this is an issue with the SELinux policy, rather than a bug with the OpenDKIM package itself, this should be filed as an selinux-policy bug so the team can evaluate and add any necessary policies, if warranted.

I'm changing the product to "Fedora" and the component to "selinux-policy," then resetting the assignee to the default for the component.

I'll remain on the bug CC to track.

Comment 2 pizzaisgezond 2015-12-24 14:33:54 UTC
Thanks!

Comment 3 Fedora End Of Life 2016-07-19 20:56:49 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.