Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 517510 - sec-policy/selinux-dkim need to depend on sec-policy/selinux-milter
Summary: sec-policy/selinux-dkim need to depend on sec-policy/selinux-milter
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: SE Linux Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-19 15:18 UTC by Vincent Brillault
Modified: 2014-08-01 21:08 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vincent Brillault 2014-07-19 15:18:06 UTC 
The sec-policy/selinux-dkim ebuild builds the dkim module from the contrib/dkim.{te,fc} files. The .te basic first rule is "milter_template(dkim)"

This function is defined in milter.if (installed by the base modules) which contains:
"""
template(`milter_template',`
        gen_require(`
                attribute milter_data_type, milter_domains;
        ')
[...]
        type $1_milter_t, milter_domains;
[...]
"""

The "milter_domains" is defined in milter.te ("attribute milter_domains;") where it also receives a lot of other rules. Without installing it, dkim cannot work (I can't test it without breaking my server unfortunately).

Adding the following to the sec-policy/selinux-dkim should work:
RDEPEND="=sec-policy/selinux-milter-${PVR}"
Comment 1 Vincent Brillault 2014-07-19 15:21:50 UTC 
Using another server to test (end of the output of a "emerge selinux-dkim"):
"""
 * Inserting the following modules into the strict module store: dkim
libsepol.print_missing_requirements: dkim's global requirements were not met: type/attribute milter_domains (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!
 * SELinux module load failed. Trying full reload...
libsepol.print_missing_requirements: dkim's global requirements were not met: type/attribute milter_domains (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!
 * Failed to reload SELinux policies.
 *
 * If this is *not* the last SELinux module package being installed,
 * then you can safely ignore this as the reloads will be retried
 * with other, recent modules.
 *
 * If it is the last SELinux module package being installed however,
 * then it is advised to look at the error above and take appropriate
 * action since the new SELinux policies are not loaded until the
 * command finished succesfully.
 *
 * To reload, run the following command from within /usr/share/selinux/strict:
 *   semodule -b base.pp -i $(ls *.pp | grep -v base.pp)
 * or
 *   semodule -b base.pp -i $(ls *.pp | grep -v base.pp | grep -v unconfined.pp)
 * depending on if you need the unconfined domain loaded as well or not.
"""
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2014-08-01 21:08:01 UTC 
Done (forgot to update the bug, is in r3 and r4 - r3 is now stable)