Re: Any issues running as root vs. opendkim?

From: Daniel Black <daniel.subs_at_internode.on.net>
Date: Sun, 03 Aug 2014 09:30:57 +1000

On 03/08/14 05:15, Steve Jenkins wrote:
> Yikes, Daniel. That's awesome... but WAY over my head. :)
>
> 1) Can you make that comment on the Bugzilla report for the benefit of
> the other guys on the bug?

ack. There's a bunch of cluey people on the bug already but getting the
below information would help defining a policy for all of opendkim.

> 2) Is there anything I should be doing on the package side to try and
> address?

Can you try to define the other thing that opendkim would need?

e.g. there are database things - so need to define what these are, so in
selinux there will be selinux booleans to enable opendkim access to
mysql for instance.

So please list all databases :
- mysql
- postgres
..
- ldap

Are all berkdb interactions read only from opendkim?

Memcache interactions are needed I think.

Does the dnssec unbound libraries read special files (got
TrustAnchorFile) or communicate over anything ?

What system calls occur with lua / erlang datasets?

Is there any other funky features that interact with other components
that would need selinux rules to allow those interactions?
Received on Sat Aug 02 2014 - 23:31:10 PST

This archive was generated by hypermail 2.3.0 : Sat Aug 02 2014 - 23:36:00 PST