A homelab is usually the best way to learn a new technology. SELinux is something that I need to get used to, and I want to know it a lot more than the courses for the RHCSA will teach you. Of course they’ll tell you how to install a policy, they’ll tell you how to set a boolean, but of course without doing it myself, I won’t know it as well as someone who’s been in the market for a while knows it. So I set out to find a way to learn by doing, as that’s how I learn best.
A little while ago, I stumbled upon the iRedMail package that deals with quick and easy setup of a mail server that includes a web interface. While going through the iRedMail for CentOS installation guide, I was instructed to disable SELinux or at the very least put it into permissive mode. It struck me as quite odd that I would have to remove one line of security that I have for a mail server.
This server would potentially be completely exposed to the internet and I have to disable security on this extremely public type of server? No thank you. It really frustrated me that this thing didn’t include any traces of trying to allow someone to install iRedMail without having to make too many changes manually to SELinux to get SELinux back to enforcing mode. I guess I’ll have to take things into my own hands; we’ll see how the owner of the project feels about that.
So far, I’ve submitted a single pull request that adds about 5 lines to the clamav installation script, but I’ve yet to have that piece of code pulled into the main repository and yet to receive any feedback on the content of my pull request. I’ll see if I can talk to the guy personally, but for now, I’ll just keep chuggin’ along and see if there are other ways that I can help make this package better.
Namely, I’m going to start with reviewing the SELinux policy packages that need to be created and how to get them hosted in the CentOS repos.
Wish me luck!