Zarafa Selinux policy

From Zarafa wiki

Jump to: navigation, search

To create a Selinux policy for Zarafa, please follow these steps.

  • Create a file zarafa.te with the following lines:
module zarafa 1.1;

require {
	type var_run_t;
	type postfix_postdrop_t;
	type httpd_t;
	type postfix_pipe_t;
	type initrc_t;
	class sock_file write;
	class unix_stream_socket connectto;
	class fifo_file { write getattr };

#============= httpd_t ==============
allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;

#============= postfix_pipe_t ==============
allow postfix_pipe_t initrc_t:unix_stream_socket connectto;
allow postfix_pipe_t var_run_t:sock_file write;

#============= postfix_postdrop_t ==============
allow postfix_postdrop_t initrc_t:fifo_file { write getattr };

  • Compile the Selinux policy with command: checkmodule -M -m -o zarafa.mod zarafa.te

  • Packade the policy with command: semodule_package -o zarafa.pp -m zarafa.mod

  • Copy the zarafa.pp policy file to the directory: /etc/selinux/targeted/modules/active/modules

  • Now you can load the policy with the command: semodule -vi /etc/selinux/targeted/modules/active/modules/zarafa.pp

To check if the policy is loaded, you can use semodule -l

Personal tools