Red Hat Bugzilla – Bug 1293635
selinux policy opendkim (centos 6.6 (final))
Last modified: 2016-07-19 16:56:49 EDT
Description of problem: Selinux prevents sending email with postfix signed by opendkim. Version-Release number of selected component (if applicable): EPEL 6.8 Opendkim 2.10.3-1.el6 How reproducible: Install opendkim on centos and send an email with postfix signed by opendkim. Steps to Reproduce: 1. 2. 3. Actual results: The following error in /var/log/maillog: dkim_eoh(): resource unavailable: can't create temporary file at /tmp/dkim.C923540087.TKZn3y: Permission denied with corresponding logs in /var/log/audit/audit.log Expected results: A sent email signed with an opendkim signature. Additional info: The following additional policy fixes the problem. (We used audit2allow.) module [name] [version number]; require { type tmp_t; type dkim_milter_t; class dir { write remove_name add_name }; class file { write create unlink open }; } allow dkim_milter_t tmp_t:file { write create unlink open };
Hi, pizzaigezond. As this is an issue with the SELinux policy, rather than a bug with the OpenDKIM package itself, this should be filed as an selinux-policy bug so the team can evaluate and add any necessary policies, if warranted. I'm changing the product to "Fedora" and the component to "selinux-policy," then resetting the assignee to the default for the component. I'll remain on the bug CC to track.
Thanks!
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.