Re: SeLinux and mail relaying

David G. Miller wrote:
redhatdude@xxxxxxxxxxxxx wrote:

There's no local.te in my system. I'm running FC5. Also, there is no such rpm or anything similar in the yum repositories. Yes, audit2allow gave me the rules to add, two of them indeed. The problem now is where to add them. Any idea?
Thanks a lot for your help, I really appreciate it.
EJ

I did some googling and it looks like Red Hat/Fedora has changed the way they package the SELinux ruleset source for FC5. It looks like you need the source RPM for selinux-policy-targeted instead of how they packaged things for FC4 and earlier with a separate package called selinux-policy-targeted-sources. I guess it makes sense to just move the source to the source RPM instead of having a separate "sources" package; just confusing for those of us who got used to doing things the other way.

Here's a link to the source RPM but you should also be able to get it just using your favorite flavor of yum.

ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/linux/core/updates/5/SRPMS/selinux-policy-2.2.38-1.fc5.src.rpm

This file contains:

[dave@bend ~/rpm]# rpm -qlp selinux-policy-2.2.38-1.fc5.src.rpm
Makefile.devel
booleans-mls.conf
booleans-strict.conf
booleans-targeted.conf
modules-mls.conf
modules-strict.conf
modules-targeted.conf
policy-20060505.patch
policygentool
selinux-policy.spec
serefpolicy-2.2.38.tgz
setrans-mls.conf
setrans-strict.conf
setrans-targeted.conf

I'm *guessing* you'll need to unpack serefpolicy-2.2.38.tgz in an appropriate location and then add the local policy rules as I described earlier. Hopefully, the link from one of the other responses will provide enough information about how to make a custom policy for FC5 although "policygentool" sounds like a likely suspect.

You don't need anything particularly complicated to do local policy changes in FC5 (it's much easier than in FC4 IMHO).

See:
http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow
for example.

However, given that the OP's system is not delivering mail from cron, which is a pretty basic operation, I think the problem is one with the existing policy or with labelling rather than something that should just be allowed by local policy. I can't help much myself because I use sendmail and postfix is a mystery to me. That is why I referred the OP to fedora-selinux-list. The list is relatively quiet at weekends but might get more helpful soon.

Paul.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list