Merge pull request #1672 from omarc1492/patch-1

Add SELinux support
Erik Wramner 2020-11-01 21:04:28 +01:00 committed by GitHub
commit 6726871efc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 5 deletions


@ -109,18 +109,33 @@ chmod a+x ./setup.sh
- Don't quote your values.
- Variable substitution is *not* supported (e.g. `OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME`).
**Note:**: Variables in `.env` are expanded in the `docker-compose.yml` file **only** and **not** in the container. The file `mailserver.env` serves this case where environment variables are used in the container.
**Note:** Variables in `.env` are expanded in the `docker-compose.yml` file **only** and **not** in the container. The file `mailserver.env` serves this case where environment variables are used in the container.
**Note:** If you want to use a bare domain (host name equals domain name) see [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ-and-Tips#can-i-use-nakedbare-domains-no-host-name).
### Get up and running
**Note:** If using SELinux and is enabled, skip to next section below.
``` BASH
docker-compose up -d mail
./setup.sh email add <user@domain> [<password>]
./setup.sh config dkim
```
### Get up and running with SELinux
- Edit the files `.env` and `docker-compose.yml`:
- In `.env` uncomment the variable `SELINUX_LABEL`.
- If you want the volume bind mount to be shared among other containers switch `-Z` to `-z`.
- In `docker-compose.yml` uncomment the line that contains `${SELINUX_LABEL}` and comment out or remove the line above.
**Note:** When using `setup.sh` use the option `-z` or `-Z`. This should match the value of `SELINUX_LABEL` in the `.env` file.\
See the [wiki](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) for more information regarding `setup.sh`.
``` BASH
docker-compose up -d mail
./setup.sh -Z email add <user@domain> [<password>]
./setup.sh -Z config dkim
```
Now that the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
### Miscellaneous


@ -5,3 +5,4 @@
HOSTNAME=mail
DOMAINNAME=domain.com
CONTAINER_NAME=mail
#SELINUX_LABEL=-Z


@ -16,6 +16,8 @@ services:
- mailstate:/var/mail-state
- maillogs:/var/log/mail
- ./config/:/tmp/docker-mailserver/
# If SELinux is enabled uncomment line below and comment line above
#- ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}
env_file:
- mailserver.env
cap_add:
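Review bot: The commented volume line `./config/:/tmp/docker-mailserver/${SELINUX_LABEL}`, combined with the `.env` value `SELINUX_LABEL=-Z` added in this commit, expands to a container path ending in `/-Z` rather than a mount option, so no SELinux relabeling would be requested. The bind-mount label is a colon-separated suffix (`:z` or `:Z`), which is the form the `setup.sh` change in this same commit passes to `-v`. Setting `#SELINUX_LABEL=:Z` in `.env` would make the existing line expand to `/tmp/docker-mailserver/:Z`, and the README sentence about switching `-Z` to `-z` would need the same colon form. As written, a user who follows the README is likely to hit access denials on the config directory while believing the label is applied.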


@ -27,7 +27,7 @@ function _unset_vars
{
unset CDIR CRI INFO IMAGE_NAME CONTAINER_NAME DEFAULT_CONFIG_PATH
unset USE_CONTAINER WISHED_CONFIG_PATH CONFIG_PATH VOLUME USE_TTY
unset SCRIPT
unset SCRIPT USING_SELINUX
}
function _get_current_directory
@ -55,6 +55,7 @@ WISHED_CONFIG_PATH=
CONFIG_PATH=
VOLUME=
USE_TTY=
USING_SELINUX=
function _check_root
{
@ -116,6 +117,14 @@ OPTIONS:
-h Show this help dialogue
-z Allow container access to the bind mount content
that is shared among multiple containers
on a SELinux-enabled host.
-Z Allow container access to the bind mount content
that is private and unshared with other containers
on a SELinux-enabled host.
SUBCOMMANDS:
email:
@ -184,7 +193,7 @@ function _docker_image
fi
${CRI} run --rm \
-v "${CONFIG_PATH}":/tmp/docker-mailserver \
-v "${CONFIG_PATH}":/tmp/docker-mailserver"${USING_SELINUX}" \
"${USE_TTY}" "${IMAGE_NAME}" "${@}"
fi
}
@ -240,7 +249,7 @@ function _main
fi
local OPTIND
while getopts ":c:i:p:h" OPT
while getopts ":c:i:p:hzZ" OPT
do
case ${OPT} in
c) CONTAINER_NAME="${OPTARG}" ; USE_CONTAINER=true ;; # container specified, connect to running instance
@ -259,6 +268,8 @@ function _main
fi
;;
h) _usage ; return ;;
z) USING_SELINUX=":z" ;;
Z) USING_SELINUX=":Z" ;;
*) echo "Invalid option: -${OPTARG}" >&2 ;;
esac
done
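Review bot: The `:z`/`:Z` suffix appended to the `-v "${CONFIG_PATH}"` argument in `_docker_image` makes the container runtime relabel the host directory behind `CONFIG_PATH`, and the new `-z`/`-Z` help text does not mention that the host side is modified. `CONFIG_PATH` appears to be user-selectable (the getopts string has `p:` and there is a `WISHED_CONFIG_PATH`), so pointing it at a broad directory such as a home directory would relabel everything under it; a usage line like `The host directory itself is relabeled; use only on a dedicated config directory.` would make that explicit. Separately, `-Z` gives the one-shot `run --rm` container a private label, so a mail container already running against the same directory may lose access afterwards; the README asks for the flag to match `SELINUX_LABEL`, but the script does not check this. The flag also seems to affect only the `run` branch, so with `-c` it is presumably ignored silently. The bodies of `_docker_image` and `_main` extend outside the hunks shown.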