On 06/28/2010 06:08 PM, Daniel B. Thurman wrote:
On 06/28/2010 12:45 AM, Dominick Grift wrote:
On 06/27/2010 11:10 PM, Daniel B. Thurman wrote:
I know that F8 is no longer supported, but I would like to know the steps to add my own "pass through" for the milter-greylist milter. I basically cannot start sendmail without the allowing AVC on the milter's socket.
From: /var/log/audit/audit.log, I have:
type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } for pid=30048 comm="sendmail" path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3 ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
Thanks! Dan
Do you have the milter module installed (I suspect not):
$ semodule -l | grep milter
milter 1.2.0
No, milter is not found on F8
If you do not have it installed, then I guess you would need to backport it to F8 and install it there.
How is this done? I am willing to do this in order to get greylisting milter (and other milters) working!
Then allow sendmail to (at least) get attributes of milter pid sockets.
May not be so easy to do but try the following:
mkdir ~/milter; cd ~/milter; touch milter.{te,if,fc}
in milter.te add the following: http://fpaste.org/167B/
in milter.if add the following: http://fpaste.org/XHVd/
in milter.fc add the following: http://fpaste.org/iJGU/
And then first see if you can get this to build:
make -f /usr/share/selinux/devel/Makefile milter.pp
if it does compile:
run restorecon -R -v (..) for each path in milter.fc
else: report the fail message so that we can try to fix it.
Then reproduce the issue and report back the AVC denials you are seeing.
But I am afraid that building it might not be easy.
Thanks for responding! Dan
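
An added example, not code from either poster or from the SELinux project: a small Python parser that reads AVC denial records like the one quoted in this thread and prints the type-enforcement rule each denial literally asks for, plus a note when the target carries a generic type. The `GENERIC_TYPES` set and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# AVC record copied from the thread above.
SAMPLE = ('type=AVC msg=audit(1277670351.513:52178): avc: denied { getattr } '
          'for pid=30048 comm="sendmail" '
          'path="/var/run/milter-greylist/milter-greylist.sock" dev=sda3 '
          'ino=4114571 scontext=unconfined_u:system_r:sendmail_t:s0 '
          'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption for this example: broad types where an allow rule would cover
# far more objects than the one socket, so labelling is the narrower fix.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t", "file_t", "default_t"}

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    try:
        # Context layout is user:role:type[:level]; the type is field 3.
        src = f["scontext"].split(":")[2]
        tgt = f["tcontext"].split(":")[2]
        cls = f["tclass"]
    except (KeyError, IndexError):
        return None
    return {"source": src, "target": tgt, "tclass": cls,
            "perms": set(m.group("perms").split()), "path": f.get("path")}

def summarize(lines):
    """Merge denials into allow rules; flag targets with generic types."""
    rules, notes = defaultdict(set), set()
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        rules[(rec["source"], rec["target"], rec["tclass"])] |= rec["perms"]
        if rec["target"] in GENERIC_TYPES and rec["path"]:
            notes.add(f'{rec["path"]} is labelled {rec["target"]}: '
                      'consider a file context entry and restorecon')
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        out.append(f'allow {src} {tgt}:{cls} '
                   f'{p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"};')
    return out, sorted(notes)

if __name__ == "__main__":
    for text in sum(summarize([SAMPLE]), []):
        print(text)
```

For the denial in this thread the rule would apply to every `var_run_t` socket file, which is why giving the socket its own label through a module's `.fc` entries followed by `restorecon` is the narrower option.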