Zarafa Selinux policy

From Zarafa wiki

Revision as of 11:49, 21 September 2009 by Admin (Talk | contribs)
Jump to: navigation, search

To create a Selinux policy for Zarafa, please follow these steps.

  • Create a file zarafa.te with the following lines: 
module zarafa 1.0;

require {
	type var_run_t;
	type tmp_t;
	type httpd_t;
	type postfix_pipe_t;
	type initrc_t;
	class sock_file write;
	class unix_stream_socket connectto;
	class dir { write remove_name search add_name };
	class file { rename write getattr read create unlink append };
}

#============= httpd_t ==============
allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;

#============= postfix_pipe_t ==============
allow postfix_pipe_t initrc_t:unix_stream_socket connectto;
allow postfix_pipe_t tmp_t:dir { write remove_name search add_name };
allow postfix_pipe_t tmp_t:file { rename write getattr read create unlink append };
allow postfix_pipe_t var_run_t:sock_file write;


  • Compile the Selinux policy with command: checkmodule -M -m -o zarafa.mod zarafa.te


  • Packade the policy with command: semodule_package -o zarafa.pp -m zarafa.mod


  • Copy the zarafa.pp policy file to the directory: /etc/selinux/targeted/modules/active/modules


  • Now you can load the policy with the command: semodule -vi /etc/selinux/targeted/modules/active/modules/zarafa.pp

To check if the policy is loaded, you can use semodule -l

Retrieved from "http://www.zarafa.com/wiki/index.php/Zarafa_Selinux_policy"
Personal tools