Merge pull request #1672 from omarc1492/patch-1

Add SELinux support
Erik Wramner 2020-11-01 21:04:28 +01:00 committed by GitHub
commit 6726871efc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 5 deletions


@ -109,18 +109,33 @@ chmod a+x ./setup.sh
- Don't quote your values. - Don't quote your values.
- Variable substitution is *not* supported (e.g. `OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME`). - Variable substitution is *not* supported (e.g. `OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME`).
**Note:**: Variables in `.env` are expanded in the `docker-compose.yml` file **only** and **not** in the container. The file `mailserver.env` serves this case where environment variables are used in the container. **Note:** Variables in `.env` are expanded in the `docker-compose.yml` file **only** and **not** in the container. The file `mailserver.env` serves this case where environment variables are used in the container.
**Note:** If you want to use a bare domain (host name equals domain name) see [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ-and-Tips#can-i-use-nakedbare-domains-no-host-name). **Note:** If you want to use a bare domain (host name equals domain name) see [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ-and-Tips#can-i-use-nakedbare-domains-no-host-name).
### Get up and running ### Get up and running
**Note:** If using SELinux and is enabled, skip to next section below.
``` BASH ``` BASH
docker-compose up -d mail docker-compose up -d mail
./setup.sh email add <user@domain> [<password>] ./setup.sh email add <user@domain> [<password>]
./setup.sh config dkim ./setup.sh config dkim
``` ```
### Get up and running with SELinux
- Edit the files `.env` and `docker-compose.yml`:
- In `.env` uncomment the variable `SELINUX_LABEL`.
- If you want the volume bind mount to be shared among other containers switch `-Z` to `-z`.
- In `docker-compose.yml` uncomment the line that contains `${SELINUX_LABEL}` and comment out or remove the line above.
**Note:** When using `setup.sh` use the option `-z` or `-Z`. This should match the value of `SELINUX_LABEL` in the `.env` file.\
See the [wiki](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) for more information regarding `setup.sh`.
``` BASH
docker-compose up -d mail
./setup.sh -Z email add <user@domain> [<password>]
./setup.sh -Z config dkim
```
Now that the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone. Now that the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
### Miscellaneous ### Miscellaneous


@ -5,3 +5,4 @@
HOSTNAME=mail HOSTNAME=mail
DOMAINNAME=domain.com DOMAINNAME=domain.com
CONTAINER_NAME=mail CONTAINER_NAME=mail
#SELINUX_LABEL=-Z


@ -16,6 +16,8 @@ services:
- mailstate:/var/mail-state - mailstate:/var/mail-state
- maillogs:/var/log/mail - maillogs:/var/log/mail
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
# If SELinux is enabled uncomment line below and comment line above
#- ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}
env_file: env_file:
- mailserver.env - mailserver.env
cap_add: cap_add:
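Review bot: The commented volume line `#- ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}` appends the variable straight after the trailing slash, and the sample value added in the `.env` section is `-Z`, so with both uncommented the entry would expand to `./config/:/tmp/docker-mailserver/-Z`. Compose would read that as a container path ending in `/-Z`, not as a relabel option, so the bind mount would miss `/tmp/docker-mailserver` and get no SELinux label. The value needs the colon form that `setup.sh` already uses, i.e. `#SELINUX_LABEL=:Z` in `.env`. The README text in the first section should then tell users to switch `:Z` to `:z` for a shared mount.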


@ -27,7 +27,7 @@ function _unset_vars
{ {
unset CDIR CRI INFO IMAGE_NAME CONTAINER_NAME DEFAULT_CONFIG_PATH unset CDIR CRI INFO IMAGE_NAME CONTAINER_NAME DEFAULT_CONFIG_PATH
unset USE_CONTAINER WISHED_CONFIG_PATH CONFIG_PATH VOLUME USE_TTY unset USE_CONTAINER WISHED_CONFIG_PATH CONFIG_PATH VOLUME USE_TTY
unset SCRIPT unset SCRIPT USING_SELINUX
} }
function _get_current_directory function _get_current_directory
@ -55,6 +55,7 @@ WISHED_CONFIG_PATH=
CONFIG_PATH= CONFIG_PATH=
VOLUME= VOLUME=
USE_TTY= USE_TTY=
USING_SELINUX=
function _check_root function _check_root
{ {
@ -116,6 +117,14 @@ OPTIONS:
-h Show this help dialogue -h Show this help dialogue
-z Allow container access to the bind mount content
that is shared among multiple containers
on a SELinux-enabled host.
-Z Allow container access to the bind mount content
that is private and unshared with other containers
on a SELinux-enabled host.
SUBCOMMANDS: SUBCOMMANDS:
email: email:
@ -184,7 +193,7 @@ function _docker_image
fi fi
${CRI} run --rm \ ${CRI} run --rm \
-v "${CONFIG_PATH}":/tmp/docker-mailserver \ -v "${CONFIG_PATH}":/tmp/docker-mailserver"${USING_SELINUX}" \
"${USE_TTY}" "${IMAGE_NAME}" "${@}" "${USE_TTY}" "${IMAGE_NAME}" "${@}"
fi fi
} }
@ -240,7 +249,7 @@ function _main
fi fi
local OPTIND local OPTIND
while getopts ":c:i:p:h" OPT while getopts ":c:i:p:hzZ" OPT
do do
case ${OPT} in case ${OPT} in
c) CONTAINER_NAME="${OPTARG}" ; USE_CONTAINER=true ;; # container specified, connect to running instance c) CONTAINER_NAME="${OPTARG}" ; USE_CONTAINER=true ;; # container specified, connect to running instance
@ -259,6 +268,8 @@ function _main
fi fi
;; ;;
h) _usage ; return ;; h) _usage ; return ;;
z) USING_SELINUX=":z" ;;
Z) USING_SELINUX=":Z" ;;
*) echo "Invalid option: -${OPTARG}" >&2 ;; *) echo "Invalid option: -${OPTARG}" >&2 ;;
esac esac
done done
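Review bot: The new `-z`/`-Z` help text does not say that these options change anything on the host, yet `-v "${CONFIG_PATH}":/tmp/docker-mailserver"${USING_SELINUX}"` in `_docker_image` makes the container runtime recursively relabel the host directory behind `CONFIG_PATH`. Because that path can be set with `-p`, the OPTIONS text should warn against pointing it at a home or system directory, for example by adding `The host directory is relabeled recursively; do not use with system paths.` under both entries. It is also worth a comment next to `Z) USING_SELINUX=":Z" ;;` noting that a private label applied by a one-off `run --rm` may take access away from a mail container that already mounts the same directory; that depends on the runtime and should be confirmed. Both `_docker_image` and `_main` continue outside the hunks shown, so whether the `-c` path to a running container ignores the option cannot be checked from here.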