Zarafa Selinux policy

From Zarafa wiki

(Difference between revisions)

Latest revision as of 19:36, 22 January 2011

To create a Selinux policy for Zarafa, please follow these steps.

Create a file zarafa.te with the following lines:

module zarafa 1.1;

require {
	type var_run_t;
	type postfix_postdrop_t;
	type httpd_t;
	type postfix_pipe_t;
	type initrc_t;
	class sock_file write;
	class unix_stream_socket connectto;
	class fifo_file { write getattr };
}

#============= httpd_t ==============
allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;

#============= postfix_pipe_t ==============
allow postfix_pipe_t initrc_t:unix_stream_socket connectto;
allow postfix_pipe_t var_run_t:sock_file write;

#============= postfix_postdrop_t ==============
allow postfix_postdrop_t initrc_t:fifo_file { write getattr };

Compile the Selinux policy with command: checkmodule -M -m -o zarafa.mod zarafa.te

Packade the policy with command: semodule_package -o zarafa.pp -m zarafa.mod

Copy the zarafa.pp policy file to the directory: /etc/selinux/targeted/modules/active/modules

Now you can load the policy with the command: semodule -vi /etc/selinux/targeted/modules/active/modules/zarafa.pp

To check if the policy is loaded, you can use semodule -l

Zarafa Selinux policy

From Zarafa wiki

Latest revision as of 19:36, 22 January 2011

Views

Personal tools

Navigation

Search

Toolbox