0

I'm looking at getting rmilter installed on a CentOS 7 box. I'm trying to work out which SELinux labels/permissions I need for the daemon to bind/write to the following:

    pidfile = /run/rmilter/rmilter.pid;
    bind_socket = unix:/run/rmilter/rmilter.sock;

Here's how redis and rmilter compare, for example (under /run):

    drwxr-xr-x. redis redis system_u:object_r:redis_var_run_t:s0 redis
    drwxr-xr-x. root  root  unconfined_u:object_r:var_run_t:s0   rmilter

Boden Garman

1 Answer

1

I guess you already checked your audit log (/var/log/audit/audit.log)!

You can try to run audit2allow, provided with the policycoreutils-python package (you can install it with yum), to get more information about the policy you need to configure! This tool can even help you generate a policy file that you can afterwards load with semodule!

Check the man page, but audit2allow -w will help you to understand why your application doesn't work with the current policy,

audit2allow -M policy_name will help you to generate a policy,

and then semodule -i policy_name.pp will install the generated policy (don't forget to check the newly created rules before applying).

E.g., some commands I ran to configure the Passenger module with Apache and SELinux:

    grep httpd /var/log/audit/audit.log | audit2allow -w
    grep httpd /var/log/audit/audit.log | audit2allow -M passenger
    semodule -i passenger.pp

Cheers, Julian

julian3680
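An added example, not part of the original answer: before piping the log into audit2allow -M, the denials recorded for one command can be summarised by source type, target type, object class and permission, which gives a short list to compare the generated rules against. The lines in SAMPLE_LOG are constructed for illustration, and example_milter_t is a hypothetical domain name, not one taken from the page or from any shipped policy.

```shell
#!/bin/sh
# Constructed sample audit records (not from a real system).
# example_milter_t is a hypothetical source domain used only for this example.
SAMPLE_LOG='type=AVC msg=audit(1500000000.101:301): avc:  denied  { write } for  pid=2101 comm="rmilter" name="rmilter" dev="tmpfs" ino=20111 scontext=system_u:system_r:example_milter_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1500000005.202:302): avc:  denied  { write } for  pid=2140 comm="rmilter" name="rmilter" dev="tmpfs" ino=20111 scontext=system_u:system_r:example_milter_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1500000009.303:303): avc:  denied  { create } for  pid=2140 comm="rmilter" name="rmilter.sock" scontext=system_u:system_r:example_milter_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1500000011.404:304): avc:  denied  { read } for  pid=990 comm="httpd" name="app.conf" dev="dm-0" ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file'

# summarize_avc COMM
# Reads audit log lines on stdin and prints, for AVC denials whose comm
# matches COMM: "<count> <source type> <target type> <class> <permissions>".
summarize_avc() {
    awk -v want="comm=\"$1\"" '
    /type=AVC/ && /denied/ {
        hit = 0; inb = 0; perms = ""; src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inb = 1; continue }   # start of permission set
            if ($i == "}") { inb = 0; continue }   # end of permission set
            if (inb) { perms = perms (perms == "" ? "" : ",") $i; continue }
            if ($i == want) hit = 1
            # A context is user:role:type:level, so the type is the third field.
            else if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (hit) count[src " " tgt " " cls " " perms]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Demo on the constructed sample. On a real host the input would be the
# audit log itself: summarize_avc rmilter < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_LOG" | summarize_avc rmilter
```

Each output line should correspond to an allow rule in the .te file that audit2allow -M writes next to the .pp; a rule in that file with no matching line here came from some other process's denials.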