Re: Any issues running as root vs. opendkim?
On Wed, Jul 30, 2014 at 1:22 PM, Todd Lyons <tlyons_at_ivenue.com> wrote:
> Then per comment 37, make the keys subdirectories have root own them,
> but group opendkim can read:
> %dir %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}
> %dir %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/keys
>
Did you mean:
%dir %attr(640,root,%{name}) %{_sysconfdir}/%{name}
%dir %attr(640,root,%{name}) %{_sysconfdir}/%{name}/keys
Also, I see most directories are at least root executable. Any reason those
shouldn't be:
%dir %attr(740,root,%{name}) %{_sysconfdir}/%{name}
%dir %attr(740,root,%{name}) %{_sysconfdir}/%{name}/keys
> Then make the default supplied keys have something accessible yet
> group restricted the way that opendkim requires:
>
> %config(noreplace) %attr(640,root,%{name}) %{_sysconfdir}/%{name}/keys/*.private
> %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/keys/*.txt
>
Can't do this in the spec file, because these files don't exist until first
run. But the keygen file I posted earlier will address, and I can patch
this time.
> I think that the %post by default will include a restorecon so you
> shouldn't have to mess with that manually.
>
That went over my head. :)
> Hopefully this will help a bit, or at least spark a bit of genius
> among those who know selinux better than us. :-)
>
Thx again for your always brilliant input. :)
SJ
Received on Wed Jul 30 2014 - 20:34:50 PST
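
Because the key files only exist after first run and cannot be listed in the spec file, their modes have to be checked on the installed tree. The following is an added example, not part of the original messages or of the OpenDKIM packaging: a mode-bit audit of a key directory, run here against a constructed tree with the directory modes 740 and 750. The function names and sample file names are hypothetical, GNU `stat` is assumed, and ownership is not checked so that it runs unprivileged.

```shell
# Added example (not from the thread). Assumes GNU stat; checks mode bits only,
# not ownership, so it can run unprivileged on a constructed tree.

# Print the permission digit (0-7) that PATH grants to CLASS (group|other).
perm_digit() {
    mode=$(stat -c '%a' "$1") || return 2
    case $2 in
        group) echo $(( (0$mode >> 3) & 7 )) ;;
        other) echo $(( 0$mode & 7 )) ;;
        *) return 2 ;;
    esac
}

# Audit DIR: the group needs the search (x) bit to open files inside it,
# others get nothing, and each *.private file is group-readable but closed
# to others. Prints one line per finding; returns 0 when clean, 1 when not,
# 2 when DIR cannot be examined.
audit_keydir() {
    dir=$1; rc=0
    g=$(perm_digit "$dir" group) || return 2
    o=$(perm_digit "$dir" other) || return 2
    if [ $(( g & 1 )) -eq 0 ]; then
        echo "$dir: group lacks search (x) bit, members cannot open files inside"
        rc=1
    fi
    [ "$o" -eq 0 ] || { echo "$dir: accessible to others (digit $o)"; rc=1; }
    for key in "$dir"/*.private; do
        [ -e "$key" ] || continue          # no keys yet, or glob did not expand
        kg=$(perm_digit "$key" group) || continue
        ko=$(perm_digit "$key" other) || continue
        [ $(( kg & 4 )) -ne 0 ] || { echo "$key: group cannot read key"; rc=1; }
        [ "$ko" -eq 0 ] || { echo "$key: private key exposed to others"; rc=1; }
    done
    return $rc
}

# Constructed sample tree; the file name is illustrative.
demo=$(mktemp -d)
mkdir "$demo/keys"
: > "$demo/keys/default.private"
chmod 640 "$demo/keys/default.private"
for m in 740 750; do
    chmod "$m" "$demo/keys"
    echo "== directory mode $m"
    audit_keydir "$demo/keys" || true
done
rm -rf "$demo"
```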