On 06/28/2010 06:19 PM, Dominick Grift wrote:
> On 06/28/2010 06:08 PM, Daniel B. Thurman wrote:
>> On 06/28/2010 12:45 AM, Dominick Grift wrote:
>>> On 06/27/2010 11:10 PM, Daniel B. Thurman wrote:
>>>
>>>> I know that F8 is no longer supported, but I would like
>>>> to know the steps to add my own "pass through" for
>>>> the milter-greylist milter. I basically cannot start sendmail
>>>> without the allowing AVC on the milter's socket.
>>>>
>>>> From: /var/log/audit/audit.log, I have:
>>>>
>>>> type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for
>>>> pid=30048 comm="sendmail"
>>>> path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3
>>>> ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0
>>>> tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
>>>>
>>>> Thanks!
>>>> Dan
>>>>
>>> Do you have the milter module installed (I suspect not):
>>>
>>>> $ semodule -l | grep milter
>>>> milter 1.2.0
>>>>
>> No, milter is not found on F8
>>> If you do not have it installed, then I guess you would need to back
>>> port it to f8 and install it there.
>>>
>> How is this done? I am willing to do this in order to get greylisting
>> milter (and other milters) working!
>>> Then allow sendmail to (at least) get attributes of milter pid sockets.
>
> May not be so easy to do but try the following:
>
> mkdir ~/milter; cd ~/milter;
> touch milter.{te,if,fc}
>
> in milter.te add the following:
> http://fpaste.org/167B/
>
> in milter.if add the following:
> http://fpaste.org/XHVd/
>
> in milter.fc add the following:
> http://fpaste.org/iJGU/
>
> And then first see if you can get this to build:
>
> make -f /usr/share/selinux/devel/Makefile milter.pp
>
> if it does compile:

I forgot to mention that at this point you'd install the generated milter.pp: sudo semodule -i milter.pp

> run restorecon -R -v (..) for each path in milter.fc
>
> else:
> report the fail message so that we can try to fix it.
>
> Then reproduce the issue and report back the AVC denials you are seeing.
>
> But I am afraid that building it might not be easy.
>
>
>
>> Thanks for responding!
>> Dan
>>
>
>
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux