Internal interaction goes before external interface calls.

Dominick Grift 2010-09-23 13:57:06 +02:00
parent f6e8660dcb
commit a7b40a9c25


@ -293,6 +293,10 @@ stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, post
# for .forward - maybe we need a new type for it?
rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
# Might be a leak, but I need a postfix expert to explain
allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
allow postfix_local_t postfix_spool_t:file rw_file_perms;
corecmd_exec_shell(postfix_local_t)
@ -309,10 +313,6 @@ mta_read_config(postfix_local_t)
# Handle vacation script
mta_send_mail(postfix_local_t)
domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
# Might be a leak, but I need a postfix expert to explain
allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
userdom_read_user_home_content_files(postfix_local_t)
tunable_policy(`allow_postfix_local_write_mail_spool',`
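Review bot: The rule `allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };`, now placed in the first hunk, still grants access that its own comment ("Might be a leak, but I need a postfix expert to explain") cannot justify. Moving it among the internal rules makes an open question look like settled policy. If the access is only a descriptor inherited across the `domtrans_pattern` transition into postfix_postdrop_t, which the comment hints at but nothing on this page confirms, the least-privilege form would be `dontaudit postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };`. This should be checked against AVC denials first, because dontaudit would hide a real failure if postdrop does use the socket. Until then the comment should name what is unverified, for example `# TODO(review): confirm whether postdrop uses this socket or only inherits it; switch to dontaudit if inherited`. The surrounding postfix_local_t rules and the `tunable_policy` block at the end continue outside the visible hunks.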