SeLinux and mail relaying

[David G. Miller]

redhatdude at bellsouth.net wrote:

>There's no local.te in my system. I'm running FC5. Also, there is no  
>such rpm or anything similar in the yum repositories. Yes,  
>audit2allow gave me the rules to add, two of them indeed. The problem  
>now is where to add them. Any idea?
>Thanks a lot for your help, I really appreciate it.
>EJ
>
I did some googling and it looks like Red Hat/Fedora has changed the way 
they package the SELinux ruleset source for FC5.  It looks like you need 
the source RPM for selinux-policy-targeted instead of how they packaged 
things for FC4 and earlier with a separate package called 
selinux-policy-targeted-sources.  I guess it makes sense to just move 
the source to the source RPM instead of having a separate "sources" 
package; just confusing for those of us who got used to doing things the 
other way.

Here's a link to the source RPM but you should also be able to get it 
just using your favorite flavor of yum.

ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/linux/core/updates/5/SRPMS/selinux-policy-2.2.38-1.fc5.src.rpm

This file contains:

[dave at bend ~/rpm]# rpm -qlp selinux-policy-2.2.38-1.fc5.src.rpm
Makefile.devel
booleans-mls.conf
booleans-strict.conf
booleans-targeted.conf
modules-mls.conf
modules-strict.conf
modules-targeted.conf
policy-20060505.patch
policygentool
selinux-policy.spec
serefpolicy-2.2.38.tgz
setrans-mls.conf
setrans-strict.conf
setrans-targeted.conf

I'm *guessing* you'll need to unpack serefpolicy-2.2.38.tgz in an 
appropriate location and then add the local policy rules as I described 
earlier.  Hopefully, the link from one of the other responses will 
provide enough information about how to make a custom policy for FC5 
although "policygentool" sounds like a likely suspect.

Sorry about the confusion.

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce