I created a SELinux policy module for OpenDKIM. Tested with the following packages: libopendkim-2.4.2-5.fc16.x86_64 opendkim-2.4.2-5.fc16.x86_64 postfix-2.8.11-1.fc16.x86_64 Notes: 1. Add network_port(opendkim,tcp,8891,s0) to corenetwork definition portcon does not work in modules run this command: semanage port -a -t opendkim_port_t -p tcp 8891 .. after the module is loaded otherwise type is not resolved 2. To allow postfix connecting to opendkim put this into core config of postfix: allow postfix_cleanup_t opendkim_port_t:tcp_socket name_connect;
Created attachment 601557 [details] Archive with the policy module (.fc, .if, .te)
http://danwalsh.livejournal.com/10607.html We will add your policy to the pool
Probably better to just extend dkim policy that we already have.
Miroslav can you look into merging this into our dkim policy and then I guess turning it on.
Great - thanks, guys. Anything I need to do on the package end? I'm working on an update to the package now based on the new version of OpenDKIM source.
Curious to know the state of this? As it's still assigned to me, what do I need to do in order to resolve and close it? Thx.
Seems like the policy exists but has never been turned on. Turning it on in F18.
Added. commit 3284c2785b03fa5ae5816d779fd3b1ab7ae7bb8b Author: Miroslav Grepl <mgrepl> Date: Tue Dec 4 16:24:51 2012 +0100 opendkim should be a part of milter
selinux-policy-3.10.0-165.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-165.fc17
Package selinux-policy-3.10.0-165.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-165.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-20544/selinux-policy-3.10.0-165.fc17 then log in and leave karma (feedback).
Package selinux-policy-3.10.0-166.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-166.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-20544/selinux-policy-3.10.0-166.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-166.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.