I need to add "pass through" for milter-greylist on F8
I know that F8 is no longer supported, but I would like
to know the steps to add my own "pass through" for
the milter-greylist milter. I basically cannot start sendmail
without allowing the AVC on the milter's socket.

From: /var/log/audit/audit.log, I have:

type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for pid=30048 comm="sendmail" path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3 ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file

Thanks!
Dan

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
On 06/27/2010 11:10 PM, Daniel B. Thurman wrote:
> I know that F8 is no longer supported, but I would like
> to know the steps to add my own "pass through" for
> the milter-greylist milter. I basically cannot start sendmail
> without the allowing AVC on the milter's socket.
>
> From: /var/log/audit/audit.log, I have:
>
> type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for
> pid=30048 comm="sendmail"
> path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3
> ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0
> tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
>
> Thanks!
> Dan

Do you have the milter module installed (I suspect not):

> $ semodule -l | grep milter
> milter 1.2.0

If you do not have it installed, then I guess you would need to back
port it to F8 and install it there.

Then allow sendmail to (at least) get attributes of milter pid sockets.
On 06/28/2010 06:08 PM, Daniel B. Thurman wrote:
> On 06/28/2010 12:45 AM, Dominick Grift wrote:
>> On 06/27/2010 11:10 PM, Daniel B. Thurman wrote:
>>
>>> I know that F8 is no longer supported, but I would like
>>> to know the steps to add my own "pass through" for
>>> the milter-greylist milter. I basically cannot start sendmail
>>> without the allowing AVC on the milter's socket.
>>>
>>> From: /var/log/audit/audit.log, I have:
>>>
>>> type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for
>>> pid=30048 comm="sendmail"
>>> path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3
>>> ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0
>>> tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
>>>
>>> Thanks!
>>> Dan
>>>
>> Do you have the milter module installed (I suspect not):
>>
>>> $ semodule -l | grep milter
>>> milter 1.2.0
>>>
> No, milter is not found on F8
>> If you do not have it installed, then I guess you would need to back
>> port it to F8 and install it there.
>>
> How is this done? I am willing to do this in order to get greylisting
> milter (and other milters) working!
>> Then allow sendmail to (at least) get attributes of milter pid sockets.

May not be so easy to do but try the following:

mkdir ~/milter; cd ~/milter;
touch milter.{te,if,fc}

in milter.te add the following:
http://fpaste.org/167B/

in milter.if add the following:
http://fpaste.org/XHVd/

in milter.fc add the following:
http://fpaste.org/iJGU/

And then first see if you can get this to build:

make -f /usr/share/selinux/devel/Makefile milter.pp

if it does compile:
run restorecon -R -v (..) for each path in milter.fc

else:
report the fail message so that we can try fix it.

Then reproduce the issue and report back the AVC denials you are seeing.

But I am afraid that building it might not be easy.

> Thanks for responding!
> Dan
>
On 06/28/2010 06:19 PM, Dominick Grift wrote:
> On 06/28/2010 06:08 PM, Daniel B. Thurman wrote:
>> On 06/28/2010 12:45 AM, Dominick Grift wrote:
>>> On 06/27/2010 11:10 PM, Daniel B. Thurman wrote:
>>>
>>>> I know that F8 is no longer supported, but I would like
>>>> to know the steps to add my own "pass through" for
>>>> the milter-greylist milter. I basically cannot start sendmail
>>>> without the allowing AVC on the milter's socket.
>>>>
>>>> From: /var/log/audit/audit.log, I have:
>>>>
>>>> type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for
>>>> pid=30048 comm="sendmail"
>>>> path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3
>>>> ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0
>>>> tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
>>>>
>>>> Thanks!
>>>> Dan
>>>>
>>> Do you have the milter module installed (I suspect not):
>>>
>>>> $ semodule -l | grep milter
>>>> milter 1.2.0
>>>>
>> No, milter is not found on F8
>>> If you do not have it installed, then I guess you would need to back
>>> port it to F8 and install it there.
>>>
>> How is this done? I am willing to do this in order to get greylisting
>> milter (and other milters) working!
>>> Then allow sendmail to (at least) get attributes of milter pid sockets.
>
> May not be so easy to do but try the following:
>
> mkdir ~/milter; cd ~/milter;
> touch milter.{te,if,fc}
>
> in milter.te add the following:
> http://fpaste.org/167B/
>
> in milter.if add the following:
> http://fpaste.org/XHVd/
>
> in milter.fc add the following:
> http://fpaste.org/iJGU/
>
> And then first see if you can get this to build:
>
> make -f /usr/share/selinux/devel/Makefile milter.pp
>
> if it does compile:

I forgot to mention that at this point you'd install the generated
milter.pp:

sudo semodule -i milter.pp

> run restorecon -R -v (..) for each path in milter.fc
>
> else:
> report the fail message so that we can try fix it.
>
> Then reproduce the issue and report back the AVC denials you are seeing.
>
> But I am afraid that building it might not be easy.
>
>
>
>> Thanks for responding!
>> Dan
>>
>
>
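An added example, not part of any message in this thread: a small Python parser for AVC records like the one Dan posted. It renders the literal allow rule for a denial and flags the case where the target carries a catch-all type such as var_run_t, which is when labelling the socket through a policy module (the approach suggested above) is preferable to granting access to the generic type. The GENERIC_TYPES list and all function names are assumptions of this example.

```python
import re

# Constructed sample: the AVC record quoted in the thread, joined onto one line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for '
    'pid=30048 comm="sendmail" '
    'path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3 '
    'ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file'
)

# Assumed list for this example: catch-all types that usually mean no policy
# module ever assigned the object a label of its own.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t", "default_t", "file_t", "unlabeled_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial record into a dict; None if it is not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
    src = selinux_type(fields.get("scontext", ""))
    tgt = selinux_type(fields.get("tcontext", ""))
    if not (src and tgt and "tclass" in fields):
        return None
    return {"perms": m.group("perms").split(), "source_type": src,
            "target_type": tgt, "tclass": fields["tclass"],
            "comm": fields.get("comm"), "path": fields.get("path")}


def triage(denial):
    """Render the literal allow rule and flag denials caused by a generic label."""
    perms = denial["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    rule = (f"allow {denial['source_type']} {denial['target_type']}:"
            f"{denial['tclass']} {perm_str};")
    return {"rule": rule, "relabel_first": denial["target_type"] in GENERIC_TYPES}


if __name__ == "__main__":
    d = parse_avc(SAMPLE_AVC)
    print(d["path"], triage(d))
```

When relabel_first is true, loading the printed rule would let the source domain touch every object of that generic type, not only the milter socket.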