Why does SELinux block opendkim from accessing the private key file, and how do I fix it?

I am trying to set up opendkim with Postfix (on CentOS).

After copying my known-good private key into place, I see the following:

Nov 16 12:54:26 [host.domain] setroubleshoot[10093]: SELinux is preventing opendkim from open access on the file /etc/opendkim/keys/mykey.private. For complete SELinux messages run: sealert -l 8de37e21-88ab-46af-9927-e6040f6bfc97
Nov 16 12:54:26 [host.domain] platform-python[10093]: SELinux is preventing opendkim from open access on the file /etc/opendkim/keys/mykey.private.

       *****  Plugin restorecon (99.5 confidence) suggests   ************************

       If you want to fix the label.
       /etc/opendkim/keys/mykey.private default label should be etc_t.
       Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
       Do
       # /sbin/restorecon -v /etc/opendkim/keys/mykey.private

       *****  Plugin catchall (1.49 confidence) suggests   **************************

       If you believe that opendkim should be allowed open access on the mykey.private file by default.
       Then you should report this as a bug.
       You can generate a local policy module to allow this access.
       Do
       allow this access for now by executing:
       # ausearch -c 'opendkim' --raw | audit2allow -M my-opendkim
       # semodule -X 300 -i my-opendkim.pp

Answer 1

In my case, it was because I had moved (mv) my private key file into place via a user's home directory, but it came along with the wrong SELinux extended permissions.


Edit: see @MichaelHampton's comment: delete the file and then copy (cp) it into place rather than moving it (mv).


Edit: or see @HermannB's comment: once you have hit the problem and need to resolve it, simply running /sbin/restorecon -v /etc/opendkim/keys/mykey.private is enough.


My original answer:

To fix this, recreate the key file inside its directory, for example:

$ cd
$ sudo mv /etc/opendkim/keys/mykey.private .
$ su
> cd /etc/opendkim
> cat /home/[a.user]/mykey.private > mykey.private
> chown opendkim mykey.private
> chgrp opendkim mykey.private
> chmod 600 mykey.private

It is the creation of a new file (i.e. the line with cat) that resolves the underlying problem. If you create it fresh in the keys directory, it automatically receives the correct SELinux permissions and opendkim can read it. The last three lines give the file restricted permissions, which opendkim also requires.
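As an added example (not part of the question or the answer above), a small POSIX shell check that compares the SELinux label a key file actually carries with the label the policy expects for its path, and repairs a mismatch with restorecon instead of widening policy with the audit2allow "catchall" suggestion. It assumes GNU coreutils `stat -c %C` and `matchpathcon` from policycoreutils, as found on CentOS; the key path is the one from the post.

```shell
#!/bin/sh
# A key moved (mv) out of a home directory keeps its user_home_t label and
# opendkim is denied; a file created inside /etc/opendkim/keys inherits etc_t.

# Extract the type field (third colon-separated part) of a SELinux context,
# e.g. "unconfined_u:object_r:user_home_t:s0" -> "user_home_t".
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Compare the label a file currently carries with the label policy expects.
# Both arguments are full context strings so the logic can be exercised
# without a running SELinux. Prints "ok" (exit 0) or a mismatch line (exit 1).
label_status() {
    actual=$(context_type "$1")
    expected=$(context_type "$2")
    if [ "$actual" = "$expected" ]; then
        echo ok
        return 0
    fi
    echo "mismatch: file is $actual, policy expects $expected"
    return 1
}

# Live check on a real host: read the current label and the policy default,
# and relabel with restorecon when they differ. Returns 2 if the tools fail.
check_key_label() {
    key=${1:-/etc/opendkim/keys/mykey.private}
    actual=$(stat -c %C "$key") || return 2
    expected=$(matchpathcon -n "$key") || return 2
    if ! label_status "$actual" "$expected"; then
        restorecon -v "$key"
    fi
}
```

Run `check_key_label` as root before starting opendkim; a relabel to etc_t rather than a new policy module is the correct outcome here.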
