Internal interaction goes before external interface calls.
This commit is contained in:
parent
f6e8660dcb
commit
a7b40a9c25
@ -293,6 +293,10 @@ stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, post
|
||||
# for .forward - maybe we need a new type for it?
|
||||
rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
|
||||
|
||||
domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
|
||||
# Might be a leak, but I need a postfix expert to explain
|
||||
allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
|
||||
|
||||
allow postfix_local_t postfix_spool_t:file rw_file_perms;
|
||||
|
||||
corecmd_exec_shell(postfix_local_t)
|
||||
@ -309,10 +313,6 @@ mta_read_config(postfix_local_t)
|
||||
# Handle vacation script
|
||||
mta_send_mail(postfix_local_t)
|
||||
|
||||
domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
|
||||
# Might be a leak, but I need a postfix expert to explain
|
||||
allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
|
||||
|
||||
userdom_read_user_home_content_files(postfix_local_t)
|
||||
|
||||
tunable_policy(`allow_postfix_local_write_mail_spool',`
|
||||
|
Loading…
Reference in New Issue
Block a user