diff --git a/README.md b/README.md
index 68f8be01..949f4ecf 100644
--- a/README.md
+++ b/README.md
@@ -109,18 +109,33 @@ chmod a+x ./setup.sh - Don't quote your values. - Variable substitution is *not* supported (e.g. `OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME`). -**Note:**: Variables in `.env` are expanded in the `docker-compose.yml` file **only** and **not** in the container. The file `mailserver.env` serves this case where environment variables are used in the container. +**Note:** Variables in `.env` are expanded in the `docker-compose.yml` file **only** and **not** in the container. The file `mailserver.env` serves this case where environment variables are used in the container. **Note:** If you want to use a bare domain (host name equals domain name) see [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ-and-Tips#can-i-use-nakedbare-domains-no-host-name). ### Get up and running - +**Note:** If using SELinux and is enabled, skip to next section below. ``` BASH docker-compose up -d mail ./setup.sh email add [] ./setup.sh config dkim ``` +### Get up and running with SELinux +- Edit the files `.env` and `docker-compose.yml`: + - In `.env` uncomment the variable `SELINUX_LABEL`. + - If you want the volume bind mount to be shared among other containers switch `-Z` to `-z`. + - In `docker-compose.yml` uncomment the line that contains `${SELINUX_LABEL}` and comment out or remove the line above. + +**Note:** When using `setup.sh` use the option `-z` or `-Z`. This should match the value of `SELINUX_LABEL` in the `.env` file.\ +See the [wiki](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh) for more information regarding `setup.sh`. + +``` BASH +docker-compose up -d mail +./setup.sh -Z email add [] +./setup.sh -Z config dkim +``` + Now that the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone. ### Miscellaneous diff --git a/compose.env b/compose.env index c146c234..fa23923a 100644 --- a/compose.env 
+++ b/compose.env @@ -5,3 +5,4 @@ HOSTNAME=mail DOMAINNAME=domain.com CONTAINER_NAME=mail +#SELINUX_LABEL=-Z diff --git a/docker-compose.yml b/docker-compose.yml index 82d32941..e2732cc0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,8 @@ services: - mailstate:/var/mail-state - maillogs:/var/log/mail - ./config/:/tmp/docker-mailserver/ + # If SELinux is enabled uncomment line below and comment line above + #- ./config/:/tmp/docker-mailserver/${SELINUX_LABEL} env_file: - mailserver.env cap_add: diff --git a/setup.sh b/setup.sh index cf322e50..19ee2604 100755 --- a/setup.sh +++ b/setup.sh @@ -27,7 +27,7 @@ function _unset_vars { unset CDIR CRI INFO IMAGE_NAME CONTAINER_NAME DEFAULT_CONFIG_PATH unset USE_CONTAINER WISHED_CONFIG_PATH CONFIG_PATH VOLUME USE_TTY - unset SCRIPT + unset SCRIPT USING_SELINUX } function _get_current_directory @@ -55,6 +55,7 @@ WISHED_CONFIG_PATH= CONFIG_PATH= VOLUME= USE_TTY= +USING_SELINUX= function _check_root { @@ -116,6 +117,14 @@ OPTIONS: -h Show this help dialogue + -z Allow container access to the bind mount content + that is shared among multiple containers + on a SELinux-enabled host. + + -Z Allow container access to the bind mount content + that is private and unshared with other containers + on a SELinux-enabled host. + SUBCOMMANDS: email: @@ -184,7 +193,7 @@ function _docker_image fi ${CRI} run --rm \ - -v "${CONFIG_PATH}":/tmp/docker-mailserver \ + -v "${CONFIG_PATH}":/tmp/docker-mailserver"${USING_SELINUX}" \ "${USE_TTY}" "${IMAGE_NAME}" "${@}" fi } @@ -240,7 +249,7 @@ function _main fi local OPTIND - while getopts ":c:i:p:h" OPT + while getopts ":c:i:p:hzZ" OPT do case ${OPT} in c) CONTAINER_NAME="${OPTARG}" ; USE_CONTAINER=true ;; # container specified, connect to running instance @@ -259,6 +268,8 @@ function _main fi ;; h) _usage ; return ;; + z) USING_SELINUX=":z" ;; + Z) USING_SELINUX=":Z" ;; *) echo "Invalid option: -${OPTARG}" >&2 ;; esac done
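Review bot: The sample value `#SELINUX_LABEL=-Z` in compose.env does not become a relabel option when it is substituted into the new docker-compose.yml line. `- ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}` would expand to a bind mount whose container path is `/tmp/docker-mailserver/-Z`, with no `:Z` mode, so the config directory is mounted at the wrong path and is not relabelled. setup.sh in this same commit uses `:z` and `:Z`, so the value here should be `#SELINUX_LABEL=:Z`. The README step "switch `-Z` to `-z`" would then read `:Z` to `:z`. The docker-compose.yml hunk is affected by the same defect and needs no separate change once the value carries the colon.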
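Review bot: Neither the new `-v "${CONFIG_PATH}":/tmp/docker-mailserver"${USING_SELINUX}"` line in `_docker_image` nor the new `-z`/`-Z` help text tells the user that these options relabel the host directory itself. `CONFIG_PATH` appears to be user-selectable (the getopts string has `p:`), so running with `-Z` against a home or system directory would change SELinux labels on files that other host services rely on. In addition, `:Z` makes the label private to this one-off `run --rm` container, so a mail container mounting the same directory may lose access afterwards; this is worth confirming on an enforcing host. I would add a comment above the `run` call such as `# :z/:Z relabel CONFIG_PATH on the host; use only on a directory dedicated to docker-mailserver`, plus a matching sentence in the usage text. The function starts outside this hunk.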