On 06/28/2010 06:08 PM, Daniel B. Thurman wrote:
> On 06/28/2010 12:45 AM, Dominick Grift wrote:
>> On 06/27/2010 11:10 PM, Daniel B. Thurman wrote:
>>
>>> I know that F8 is no longer supported, but I would like
>>> to know the steps to add my own "pass through" for
>>> the milter-greylist milter. I basically cannot start sendmail
>>> without the allowing AVC on the milter's socket.
>>>
>>> From: /var/log/audit/audit.log, I have:
>>>
>>> type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for
>>> pid=30048 comm="sendmail"
>>> path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3
>>> ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0
>>> tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
>>>
>>> Thanks!
>>> Dan
>>>
>> Do you have the milter module installed (I suspect not):
>>
>>> $ semodule -l | grep milter
>>> milter 1.2.0
>>>
> No, milter is not found on F8
>> If you do not have it installed, then I guess you would need to back
>> port it to f8 and install it there.
>>
> How is this done? I am willing to do this in order to get greylisting
> milter (and other milters) working!
>> Then allow sendmail to (at least) get attributes of milter pid sockets.
May not be so easy to do, but try the following:

    mkdir ~/milter; cd ~/milter;
    touch milter.{te,if,fc}

In milter.te add the following:
http://fpaste.org/167B/

In milter.if add the following:
http://fpaste.org/XHVd/

In milter.fc add the following:
http://fpaste.org/iJGU/

And then first see if you can get this to build:

    make -f /usr/share/selinux/devel/Makefile milter.pp

If it does compile:
run restorecon -R -v (..) for each path in milter.fc
else:
report the fail message so that we can try to fix it.

Then reproduce the issue and report back the AVC denials you are seeing.

But I am afraid that building it might not be easy.
> Thanks for responding!
> Dan
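
Added example (not part of the original thread, and not code from either poster or from the SELinux project): a Python parser for the AVC record quoted above. It extracts the source type, target type, class and permission, and reports whether the target carries a generic type such as var_run_t, which is the situation the milter.fc and restorecon steps address. The function names parse_avc and triage and the list of generic types are assumptions of this example.

```python
import re

# The AVC record from the thread, joined onto one line as auditd writes it.
AVC = ('type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for '
       'pid=30048 comm="sendmail" '
       'path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3 '
       'ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0 '
       'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file')

# Assumption of this example: a target with one of these generic types was
# never labelled by a module's .fc file, so the fix is labelling, not a
# broad allow rule on the generic type.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t", "default_t", "file_t",
                 "unlabeled_t"}

def parse_avc(line):
    """Return a dict of the fields of one AVC record, or None if not an AVC."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not line.startswith("type=AVC") or not m:
        return None
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    # key=value pairs; values may be double-quoted (comm, path).
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', m.group(3)):
        rec[key] = quoted or bare
    # A context is user:role:type[:mls-range]; the type is the third field.
    for side in ("scontext", "tcontext"):
        rec[side[0] + "type"] = rec[side].split(":")[2]
    return rec

def triage(rec):
    """Say whether the denial points at a labelling gap or a missing rule."""
    rule = "allow %s %s:%s { %s };" % (
        rec["stype"], rec["ttype"], rec["tclass"], " ".join(rec["perms"]))
    if rec["ttype"] in GENERIC_TYPES:
        return ("label", "%s has generic type %s; give it a specific type in "
                "a .fc file and run restorecon instead of adding: %s"
                % (rec.get("path", "target"), rec["ttype"], rule))
    return ("rule", rule)

if __name__ == "__main__":
    print(triage(parse_avc(AVC))[1])
```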