From 8665803253aa331abddfe78c9490361c50d8b1d6 Mon Sep 17 00:00:00 2001 From: omarc1492 <10967529+omarc1492@users.noreply.github.com> Date: Fri, 30 Oct 2020 10:43:31 -0500 Subject: [PATCH 1/8] Update setup.sh Add script options -z and -Z to handle SELinux environments. --- setup.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/setup.sh b/setup.sh index cf322e50..19ee2604 100755 --- a/setup.sh +++ b/setup.sh @@ -27,7 +27,7 @@ function _unset_vars { unset CDIR CRI INFO IMAGE_NAME CONTAINER_NAME DEFAULT_CONFIG_PATH unset USE_CONTAINER WISHED_CONFIG_PATH CONFIG_PATH VOLUME USE_TTY - unset SCRIPT + unset SCRIPT USING_SELINUX } function _get_current_directory @@ -55,6 +55,7 @@ WISHED_CONFIG_PATH= CONFIG_PATH= VOLUME= USE_TTY= +USING_SELINUX= function _check_root { @@ -116,6 +117,14 @@ OPTIONS: -h Show this help dialogue + -z Allow container access to the bind mount content + that is shared among multiple containers + on a SELinux-enabled host. + + -Z Allow container access to the bind mount content + that is private and unshared with other containers + on a SELinux-enabled host. + SUBCOMMANDS: email: @@ -184,7 +193,7 @@ function _docker_image fi ${CRI} run --rm \ - -v "${CONFIG_PATH}":/tmp/docker-mailserver \ + -v "${CONFIG_PATH}":/tmp/docker-mailserver"${USING_SELINUX}" \ "${USE_TTY}" "${IMAGE_NAME}" "${@}" fi } @@ -240,7 +249,7 @@ function _main fi local OPTIND - while getopts ":c:i:p:h" OPT + while getopts ":c:i:p:hzZ" OPT do case ${OPT} in c) CONTAINER_NAME="${OPTARG}" ; USE_CONTAINER=true ;; # container specified, connect to running instance @@ -259,6 +268,8 @@ function _main fi ;; h) _usage ; return ;; + z) USING_SELINUX=":z" ;; + Z) USING_SELINUX=":Z" ;; *) echo "Invalid option: -${OPTARG}" >&2 ;; esac done From 50c40c4ba6095e64feaecd150e52cf67d996a696 Mon Sep 17 00:00:00 2001 
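Review bot: The suffix appended in `-v "${CONFIG_PATH}":/tmp/docker-mailserver"${USING_SELINUX}"` makes the container runtime relabel the host directory behind `CONFIG_PATH`, and nothing in this hunk restricts which directory that is. `CONFIG_PATH` looks user-selectable (the option string in `_main` includes `p:`), so combining a home or system directory with `-Z` would change SELinux labels on host files that other services rely on. The `-z`/`-Z` help text added earlier in this patch should say so, for example `The host config directory is relabelled; use a dedicated directory, never a system or home directory.` The body of `_docker_image` starts and ends outside the hunk, so whether other mounts there need the same suffix cannot be seen here.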
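Review bot: The `z)` and `Z)` arms both assign `USING_SELINUX`, so when both flags are passed the last one silently wins even though they select different sharing scopes. Because `:z` opens the mounted config directory (where, per the README, the generated DKIM keys live) to other containers, an accidental `-Z -z` is better rejected than accepted. A guard at the start of each arm would do, such as `[[ -z ${USING_SELINUX} ]] || { echo "Use only one of -z and -Z" >&2 ; return 1 ; }`. `_main` starts and ends outside the hunk.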
From: omarc1492 <10967529+omarc1492@users.noreply.github.com> Date: Fri, 30 Oct 2020 10:51:27 -0500 Subject: [PATCH 2/8] Update README.md Add example of using script when SELinux is enabled. --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 68f8be01..f2bc23f7 100644 --- a/README.md +++ b/README.md @@ -121,6 +121,15 @@ docker-compose up -d mail ./setup.sh config dkim ``` +**Note:** If you have SELinux enabled, use the shell script option -z or -Z. See the [wiki](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) for more information.\ +Immedietly below you will find an example using option `-Z`. + +``` BASH +docker-compose up -d mail +./setup.sh -Z email add [] +./setup.sh -Z config dkim +``` + Now that the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone. ### Miscellaneous From 400900fa9b2cc85695d969034f3adc882baf0724 Mon Sep 17 00:00:00 2001 From: omarc1492 <10967529+omarc1492@users.noreply.github.com> Date: Fri, 30 Oct 2020 12:05:22 -0500 Subject: [PATCH 3/8] Update docker-compose.yml Add additional bind mount option for when SELinux is enabled --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 82d32941..e2732cc0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,8 @@ services: - mailstate:/var/mail-state - maillogs:/var/log/mail - ./config/:/tmp/docker-mailserver/ + # If SELinux is enabled uncomment line below and comment line above + #- ./config/:/tmp/docker-mailserver/${SELINUX_LABEL} env_file: - mailserver.env cap_add: From 814ebfb2ad508f929047336553579c0e17a53585 Mon Sep 17 00:00:00 2001 
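Review bot: The commented volume line `./config/:/tmp/docker-mailserver/${SELINUX_LABEL}` interpolates the variable straight after the container path, so the value has to carry the leading colon of a mount option (`:z` or `:Z`), but the sample added to `compose.env` in patch 4 is `#SELINUX_LABEL=-Z`. With that value uncommented the target would become `/tmp/docker-mailserver/-Z`, which mounts the config at a different path and applies no SELinux label. `setup.sh` in patch 1 already uses `:z`/`:Z`, so the sample should read `#SELINUX_LABEL=:Z`, and the README steps in patches 5 to 7 that say to switch `-Z` to `-z` should name `:Z` and `:z` instead.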
From: omarc1492 <10967529+omarc1492@users.noreply.github.com> Date: Fri, 30 Oct 2020 12:07:17 -0500 Subject: [PATCH 4/8] Update compose.env Add optional environment variable that is disabled and has -Z as default option. --- compose.env | 1 + 1 file changed, 1 insertion(+) diff --git a/compose.env b/compose.env index c146c234..fa23923a 100644 --- a/compose.env +++ b/compose.env @@ -5,3 +5,4 @@ HOSTNAME=mail DOMAINNAME=domain.com CONTAINER_NAME=mail +#SELINUX_LABEL=-Z From 96da96b513d2adf52250545ff0c4c5b8ee17c084 Mon Sep 17 00:00:00 2001 From: omarc1492 <10967529+omarc1492@users.noreply.github.com> Date: Fri, 30 Oct 2020 12:22:53 -0500 Subject: [PATCH 5/8] Update README.md --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f2bc23f7..5f11e078 100644 --- a/README.md +++ b/README.md 
@@ -109,20 +109,26 @@ chmod a+x ./setup.sh - Don't quote your values. - Variable substitution is *not* supported (e.g. `OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME`). -**Note:**: Variables in `.env` are expanded in the `docker-compose.yml` file **only** and **not** in the container. The file `mailserver.env` serves this case where environment variables are used in the container. +**Note:** Variables in `.env` are expanded in the `docker-compose.yml` file **only** and **not** in the container. The file `mailserver.env` serves this case where environment variables are used in the container. **Note:** If you want to use a bare domain (host name equals domain name) see [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ-and-Tips#can-i-use-nakedbare-domains-no-host-name). ### Get up and running - +**Note:** If using SELinux and is enabled, skip to next section below. ``` BASH docker-compose up -d mail ./setup.sh email add [] ./setup.sh config dkim ``` -**Note:** If you have SELinux enabled, use the shell script option -z or -Z. See the [wiki](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) for more information.\ -Immedietly below you will find an example using option `-Z`. +### Get up and running with SELinux +- Edit the files `.env` and `docker-compose.yml` + - In `.env` uncomment the variable `SELINUX_LABEL`. + - If you want the volume bind mount to be shared amongst other containers switch `-Z` to `-z`. + - In `docker-compose.yml` uncomment the line that contains `${SELINUX_LABEL}` and comment out or remove the line above. + +- When using `setup.sh` use the shell script option `-z` or `-Z`. The option used should match the value of `SELINUX_LABEL` in `.env`.\ +See the [wiki](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) for more information regarding `setup.sh`. ``` BASH docker-compose up -d mail 
From 1bf7929f879a480080c5e186e721683bd0114d7a Mon Sep 17 00:00:00 2001 From: omarc1492 <10967529+omarc1492@users.noreply.github.com> Date: Fri, 30 Oct 2020 12:25:42 -0500 Subject: [PATCH 6/8] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5f11e078..ea20e679 100644 --- a/README.md +++ b/README.md @@ -122,12 +122,12 @@ docker-compose up -d mail ``` ### Get up and running with SELinux -- Edit the files `.env` and `docker-compose.yml` +- Edit the files `.env` and `docker-compose.yml`: - In `.env` uncomment the variable `SELINUX_LABEL`. - If you want the volume bind mount to be shared amongst other containers switch `-Z` to `-z`. - In `docker-compose.yml` uncomment the line that contains `${SELINUX_LABEL}` and comment out or remove the line above. -- When using `setup.sh` use the shell script option `-z` or `-Z`. The option used should match the value of `SELINUX_LABEL` in `.env`.\ +**Note:** When using `setup.sh` use the shell script option `-z` or `-Z`. This should match the value of `SELINUX_LABEL` in `.env`.\ See the [wiki](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) for more information regarding `setup.sh`. ``` BASH From af8da35322cb36313a6474cb8092df34a8d4a335 Mon Sep 17 00:00:00 2001 From: omarc1492 <10967529+omarc1492@users.noreply.github.com> Date: Fri, 30 Oct 2020 12:26:45 -0500 Subject: [PATCH 7/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ea20e679..68692a56 100644 --- a/README.md +++ b/README.md 
@@ -124,7 +124,7 @@ docker-compose up -d mail ### Get up and running with SELinux - Edit the files `.env` and `docker-compose.yml`: - In `.env` uncomment the variable `SELINUX_LABEL`. - - If you want the volume bind mount to be shared amongst other containers switch `-Z` to `-z`. + - If you want the volume bind mount to be shared among other containers switch `-Z` to `-z`. - In `docker-compose.yml` uncomment the line that contains `${SELINUX_LABEL}` and comment out or remove the line above. **Note:** When using `setup.sh` use the shell script option `-z` or `-Z`. This should match the value of `SELINUX_LABEL` in `.env`.\ From da8677afc2332b62f166bda9a23c38a5c6938d41 Mon Sep 17 00:00:00 2001 From: omarc1492 <10967529+omarc1492@users.noreply.github.com> Date: Fri, 30 Oct 2020 12:29:12 -0500 Subject: [PATCH 8/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 68692a56..949f4ecf 100644 --- a/README.md +++ b/README.md @@ -127,7 +127,7 @@ docker-compose up -d mail - If you want the volume bind mount to be shared among other containers switch `-Z` to `-z`. - In `docker-compose.yml` uncomment the line that contains `${SELINUX_LABEL}` and comment out or remove the line above. -**Note:** When using `setup.sh` use the shell script option `-z` or `-Z`. This should match the value of `SELINUX_LABEL` in `.env`.\ +**Note:** When using `setup.sh` use the option `-z` or `-Z`. This should match the value of `SELINUX_LABEL` in the `.env` file.\ See the [wiki](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) for more information regarding `setup.sh`. ``` BASH