From a7b40a9c25b105528e96e99737517989af0c58e9 Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Thu, 23 Sep 2010 13:57:06 +0200
Subject: [PATCH] Internal interaction goes before external interface calls.

---
 policy/modules/services/postfix.te | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index ea6fa961..8dd52ce4 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -293,6 +293,10 @@ stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, post
 # for .forward - maybe we need a new type for it?
 rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
 
+domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+# Might be a leak, but I need a postfix expert to explain
+allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
+
 allow postfix_local_t postfix_spool_t:file rw_file_perms;
 
 corecmd_exec_shell(postfix_local_t)
@@ -309,10 +313,6 @@ mta_read_config(postfix_local_t)
 # Handle vacation script
 mta_send_mail(postfix_local_t)
 
-domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
-# Might be a leak, but I need a postfix expert to explain
-allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
-
 userdom_read_user_home_content_files(postfix_local_t)
 
 tunable_policy(`allow_postfix_local_write_mail_spool',`
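Review bot: The relocated `allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };` in the first hunk (`@@ -293,6 +293,10 @@`) still carries the comment "Might be a leak, but I need a postfix expert to explain", so the policy keeps granting postdrop read/write on a socket owned by postfix_local_t without a stated reason. If this turns out to be only an inherited descriptor that postdrop never uses, `dontaudit postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };` would quiet the AVC denial without granting the access. If the access is genuinely required, the comment should say what fails without it so the rule can be audited later. The rule's source domain is postfix_postdrop_t, so it may also be easier to review in the postdrop section than inside the postfix_local_t block, which extends beyond this hunk.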