rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Internal interaction goes before external interface calls.

Browse Source
This commit is contained in:
Dominick Grift 2010-09-23 13:57:06 +02:00
parent f6e8660dcb
commit a7b40a9c25
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
policy/modules/services/postfix.te
View File

@ -293,6 +293,10 @@ stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, post
# for .forward - maybe we need a new type for it? # for .forward - maybe we need a new type for it?
rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t) rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
# Might be a leak, but I need a postfix expert to explain
allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
allow postfix_local_t postfix_spool_t:file rw_file_perms; allow postfix_local_t postfix_spool_t:file rw_file_perms;
corecmd_exec_shell(postfix_local_t) corecmd_exec_shell(postfix_local_t)
@ -309,10 +313,6 @@ mta_read_config(postfix_local_t)
# Handle vacation script # Handle vacation script
mta_send_mail(postfix_local_t) mta_send_mail(postfix_local_t)
domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
# Might be a leak, but I need a postfix expert to explain
allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
userdom_read_user_home_content_files(postfix_local_t) userdom_read_user_home_content_files(postfix_local_t)
tunable_policy(`allow_postfix_local_write_mail_spool',` tunable_policy(`allow_postfix_local_write_mail_spool',`