SELinux for postfix + dovecot
I am currently in the middle of creating an email solution for the doctor's surgery that I work for. I have previously tried Exchange, but found it too slow and unreliable for my needs. Instead, I have decided to go with postfix + dovecot for the doctors' needs.
In my experimenting, I have been using a Fedora VM with SELinux enabled. However, SELinux has decided to hate on everything I do for this, and thus, in my inability to accept defeat, I have created an SELinux module that should allow postfix and dovecot to work as per this email setup guide.
The module is:

module postfixmysql 1.0;

require {
    type mysqld_var_run_t;
    type postfix_map_t;
    type usr_t;
    type mysqld_t;
    type mysqld_db_t;
    type postfix_virtual_t;
    type postfix_smtpd_t;
    type postfix_cleanup_t;
    class sock_file write;
    class unix_stream_socket connectto;
    class file getattr;
    class dir search;
}

#============= postfix_cleanup_t ==============
allow postfix_cleanup_t mysqld_db_t:dir search;
allow postfix_cleanup_t mysqld_t:unix_stream_socket connectto;
allow postfix_cleanup_t mysqld_var_run_t:sock_file write;
allow postfix_cleanup_t usr_t:file getattr;

#============= postfix_map_t ==============
allow postfix_map_t mysqld_db_t:dir search;
allow postfix_map_t mysqld_t:unix_stream_socket connectto;
allow postfix_map_t mysqld_var_run_t:sock_file write;

#============= postfix_smtpd_t ==============
allow postfix_smtpd_t mysqld_db_t:dir search;
allow postfix_smtpd_t mysqld_t:unix_stream_socket connectto;
allow postfix_smtpd_t mysqld_var_run_t:sock_file write;

#============= postfix_virtual_t ==============
allow postfix_virtual_t mysqld_db_t:dir search;
allow postfix_virtual_t mysqld_t:unix_stream_socket connectto;
allow postfix_virtual_t mysqld_var_run_t:sock_file write;
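This can be built and installed with the following command (as root). The steps are chained with && so that a failed compile does not go on to install a stale package:

checkmodule -M -m -o postfixmysql.mod postfixmysql.te && semodule_package -m postfixmysql.mod -o postfixmysql.pp && semodule -i postfixmysql.pp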
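Before installing a hand-written module like the one above, it helps to check which logged AVC denials its allow rules actually cover, one permission at a time. The following is an added example, not part of the original post: the log lines are constructed for the demonstration, only two of the module's four domains are copied in to keep it short, and the function names are hypothetical.

```python
import re

# Excerpt of the allow rules from the module on this page (two of its four domains).
MODULE_TE = """
allow postfix_cleanup_t mysqld_db_t:dir search;
allow postfix_cleanup_t mysqld_t:unix_stream_socket connectto;
allow postfix_cleanup_t mysqld_var_run_t:sock_file write;
allow postfix_cleanup_t usr_t:file getattr;
allow postfix_smtpd_t mysqld_db_t:dir search;
allow postfix_smtpd_t mysqld_t:unix_stream_socket connectto;
allow postfix_smtpd_t mysqld_var_run_t:sock_file write;
"""
# Constructed audit.log lines (not from a real system) for the demonstration.
SAMPLE_LOG = [
    'type=AVC msg=audit(1700000000.001:101): avc:  denied  { write } for  pid=2101 '
    'comm="smtpd" name="mysql.sock" scontext=system_u:system_r:postfix_smtpd_t:s0 '
    'tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file permissive=0',
    'type=AVC msg=audit(1700000000.002:102): avc:  denied  { read write } for  pid=2102 '
    'comm="cleanup" name="mysql.sock" scontext=system_u:system_r:postfix_cleanup_t:s0 '
    'tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file permissive=0',
    'type=AVC msg=audit(1700000000.003:103): avc:  denied  { connectto } for  pid=2103 '
    'comm="auth" scontext=system_u:system_r:dovecot_auth_t:s0 '
    'tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket permissive=0',
]

ALLOW_RE = re.compile(r'^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+(\{[^}]*\}|\S+?)\s*;', re.M)
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')

def parse_allow_rules(te_text):
    """Return the set of (source, target, class, permission) tuples a .te grants."""
    rules = set()
    for src, tgt, cls, perms in ALLOW_RE.findall(te_text):
        for perm in perms.strip('{}').split():
            rules.add((src, tgt, cls, perm))
    return rules

def uncovered_denials(te_text, log_lines):
    """Return denied (source, target, class, permission) tuples the module does not allow."""
    rules, missing = parse_allow_rules(te_text), []
    for m in filter(None, map(AVC_RE.search, log_lines)):  # skip non-AVC lines
        perms, scon, tcon, cls = m.groups()
        # A context is user:role:type[:level]; the type is always the third field.
        src, tgt = scon.split(':')[2], tcon.split(':')[2]
        missing += [(src, tgt, cls, p) for p in perms.split() if (src, tgt, cls, p) not in rules]
    return missing

if __name__ == '__main__':
    for denial in uncovered_denials(MODULE_TE, SAMPLE_LOG):
        print('not covered by module:', *denial)
```

Anything the script reports would still be denied in enforcing mode after the module is loaded, so each reported tuple is a decision to make rather than a rule to add automatically.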