On 06/28/2010 06:08 PM, Daniel B. Thurman wrote:
> On 06/28/2010 12:45 AM, Dominick Grift wrote:
>> On 06/27/2010 11:10 PM, Daniel B. Thurman wrote:
>>
>>> I know that F8 is no longer supported, but I would like
>>> to know the steps to add my own "pass through" for
>>> the milter-graylist milter. I basically cannot start sendmail
>>> without the allowing AVC on the milter's socket.
>>>
>>> From: /var/log/audit/audit.log, I have:
>>>
>>> type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for
>>> pid=30048 comm="sendmail"
>>> path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3
>>> ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0
>>> tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
>>>
>>> Thanks!
>>> Dan
>>>
>> Do you have the milter module installed (i suspect not):
>>
>>> $ semodule -l | grep milter
>>> milter 1.2.0
>>>
> No, milter is not found on F8
>> If you do not have it installed, then i guess you would need to back
>> port it to f8 and install it there.
>>
> How is this done? I am willing to do this in order to get greylisting
> milter (and other milters) working!
>> Then allow sendmail to (atleast) get attributes of milter pid sockets.
May not be so easy to do but try the following:
mkdir ~/milter; cd ~/milter;
touch milter.{te,if,fc}
in milter.te add the following:
http://fpaste.org/167B/
in milter.if add the following:
http://fpaste.org/XHVd/
in milter.fc add the following:
http://fpaste.org/iJGU/
And then first see if you can get this to build:
make -f /usr/share/selinux/devel/Makefile milter.pp
if it does compile:
run restorecon -R -v (..) for each path in milter.fc
else:
report the fail message so that we can try fix it.
Than reproduce the issue and report back the AVC denials you are seeying.
But i am afraid that building it might not be easy.
> Thanks for responding!
> Dan
>
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
