diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index ea6fa96..8dd52ce 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -293,6 +293,10 @@ stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, post
 # for .forward - maybe we need a new type for it?
 rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
+domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+# Might be a leak, but I need a postfix expert to explain
+allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
+
 allow postfix_local_t postfix_spool_t:file rw_file_perms;
 corecmd_exec_shell(postfix_local_t)
@@ -309,10 +313,6 @@ mta_read_config(postfix_local_t)
 # Handle vacation script
 mta_send_mail(postfix_local_t)
-domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
-# Might be a leak, but I need a postfix expert to explain
-allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
-
 userdom_read_user_home_content_files(postfix_local_t)
 tunable_policy(`allow_postfix_local_write_mail_spool',`
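Review bot: The `allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };` rule added in the first hunk (new lines 296-298) arrives with its own "Might be a leak" comment, so the policy still grants read/write on a socket the author suspects is only an inherited descriptor. If postdrop turns out not to use that socket, the least-privilege form is `dontaudit postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };`, and if it does use it, the comment should name the code path that needs it instead of leaving the question open. The move also places the `domtrans_pattern` line directly under `# for .forward - maybe we need a new type for it?` and away from the `# Handle vacation script` / `mta_send_mail` lines it followed before, so it would help to give the transition its own one-line comment stating why postfix_local_t runs postdrop (presumably mail re-submitted during local delivery, to be confirmed by someone who knows the Postfix flow).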