Bug 844773 - SElinux Policy for OpenDKIM
SElinux Policy for OpenDKIM
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
17
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Steve Jenkins
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-31 14:19 EDT by Manuel Schilt
Modified: 2013-01-06 23:05 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-06 23:05:20 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Archive with the policy module (.fc, .if, .te) (1.34 KB, application/x-bzip)
2012-07-31 14:21 EDT, Manuel Schilt
no flags Details

  None (edit)
Description Manuel Schilt 2012-07-31 14:19:52 EDT
I created a SELinux policy module for OpenDKIM.
Tested with the following packages: 

libopendkim-2.4.2-5.fc16.x86_64
opendkim-2.4.2-5.fc16.x86_64
postfix-2.8.11-1.fc16.x86_64


Notes:
1.
Add network_port(opendkim,tcp,8891,s0) to corenetwork definition
portcon does not work in modules
run this command: semanage port -a -t opendkim_port_t -p tcp 8891
.. after the module is loaded otherwise type is not resolved

2. 
To allow postfix connecting to opendkim
put this into core config of postfix:
allow postfix_cleanup_t opendkim_port_t:tcp_socket name_connect;
Comment 1 Manuel Schilt 2012-07-31 14:21:37 EDT
Created attachment 601557 [details]
Archive with the policy module (.fc, .if, .te)
Comment 2 Daniel Walsh 2012-08-01 08:37:07 EDT
http://danwalsh.livejournal.com/10607.html

We will add your policy to the pool
Comment 3 Daniel Walsh 2012-08-01 08:38:21 EDT
Probably better to just extend dkim policy that we already have.
Comment 4 Daniel Walsh 2012-08-01 08:41:55 EDT
Miroslav can you look into merging this into our dkim policy and then I guess turning it on.
Comment 5 Steve Jenkins 2012-08-01 11:28:32 EDT
Great - thanks, guys. Anything I need to do on the package end? I'm working on an update to the package now based on the new version of OpenDKIM source.
Comment 6 Steve Jenkins 2012-10-29 22:40:42 EDT
Curious to know the state of this? As it's still assigned to me, what do I need to do in order to resolve and close it? Thx.
Comment 7 Daniel Walsh 2012-10-30 15:24:14 EDT
Seems like the policy exists but has never been turned on.  Turning it on in F18.
Comment 8 Miroslav Grepl 2012-12-04 10:26:04 EST
Added.

commit 3284c2785b03fa5ae5816d779fd3b1ab7ae7bb8b
Author: Miroslav Grepl <mgrepl@redhat.com>
Date:   Tue Dec 4 16:24:51 2012 +0100

    opendkim should be a part of milter
Comment 9 Fedora Update System 2012-12-17 13:45:16 EST
selinux-policy-3.10.0-165.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-165.fc17
Comment 10 Fedora Update System 2012-12-17 21:41:58 EST
Package selinux-policy-3.10.0-165.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-165.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-20544/selinux-policy-3.10.0-165.fc17
then log in and leave karma (feedback).
Comment 11 Fedora Update System 2013-01-05 01:46:49 EST
Package selinux-policy-3.10.0-166.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-166.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-20544/selinux-policy-3.10.0-166.fc17
then log in and leave karma (feedback).
Comment 12 Fedora Update System 2013-01-06 23:05:22 EST
selinux-policy-3.10.0-166.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.