policy/modules/services/postfix.te

   1 policy_module(postfix, 1.12.0)
   2
   3 ########################################
   4 #
   5 # Declarations
   6 #
   7
   8 ## <desc>
   9 ## <p>
  10 ## Allow postfix_local domain full write access to mail_spool directories
  11 ##
  12 ## </p>
  13 ## </desc>
  14 gen_tunable(allow_postfix_local_write_mail_spool, false)
  15
  16 attribute postfix_spool_type;
  17 attribute postfix_user_domains;
  18 # domains that transition to the
  19 # postfix user domains
  20 attribute postfix_user_domtrans;
  21
  22 postfix_server_domain_template(bounce)
  23
  24 type postfix_spool_bounce_t,  postfix_spool_type;
  25 files_type(postfix_spool_bounce_t)
  26
  27 postfix_server_domain_template(cleanup)
  28
  29 type postfix_etc_t;
  30 files_config_file(postfix_etc_t)
  31
  32 type postfix_exec_t;
  33 application_executable_file(postfix_exec_t)
  34
  35 postfix_server_domain_template(local)
  36 mta_mailserver_delivery(postfix_local_t)
  37
  38 # Handle vacation script
  39 mta_send_mail(postfix_local_t)
  40
  41 userdom_read_user_home_content_files(postfix_local_t)
  42
  43 tunable_policy(`allow_postfix_local_write_mail_spool',`
  44         mta_manage_spool(postfix_local_t)
  45 ')
  46
  47 # Program for creating database files
  48 type postfix_map_t;
  49 type postfix_map_exec_t;
  50 application_domain(postfix_map_t, postfix_map_exec_t)
  51 role system_r types postfix_map_t;
  52
  53 type postfix_map_tmp_t;
  54 files_tmp_file(postfix_map_tmp_t)
  55
  56 postfix_domain_template(master)
  57 typealias postfix_master_t alias postfix_t;
  58 # alias is a hack to make the disable trans bool
  59 # generation macro work
  60 mta_mailserver(postfix_t, postfix_master_exec_t)
  61
  62 type postfix_initrc_exec_t;
  63 init_script_file(postfix_initrc_exec_t)
  64
  65 postfix_server_domain_template(pickup)
  66
  67 postfix_server_domain_template(pipe)
  68
  69 postfix_user_domain_template(postdrop)
  70 mta_mailserver_user_agent(postfix_postdrop_t)
  71
  72 postfix_user_domain_template(postqueue)
  73 mta_mailserver_user_agent(postfix_postqueue_t)
  74
  75 type postfix_private_t;
  76 files_type(postfix_private_t)
  77
  78 type postfix_prng_t;
  79 files_type(postfix_prng_t)
  80
  81 postfix_server_domain_template(qmgr)
  82
  83 postfix_user_domain_template(showq)
  84
  85 postfix_server_domain_template(smtp)
  86 mta_mailserver_sender(postfix_smtp_t)
  87
  88 postfix_server_domain_template(smtpd)
  89
  90 type postfix_spool_t, postfix_spool_type;
  91 files_type(postfix_spool_t)
  92
  93 type postfix_spool_maildrop_t, postfix_spool_type;
  94 files_type(postfix_spool_maildrop_t)
  95
  96 type postfix_spool_flush_t, postfix_spool_type;
  97 files_type(postfix_spool_flush_t)
  98
  99 type postfix_public_t;
 100 files_type(postfix_public_t)
 101
 102 type postfix_var_run_t;
 103 files_pid_file(postfix_var_run_t)
 104
 105 # the data_directory config parameter
 106 type postfix_data_t;
 107 files_type(postfix_data_t)
 108
 109 postfix_server_domain_template(virtual)
 110 mta_mailserver_delivery(postfix_virtual_t)
 111
 112 ########################################
 113 #
 114 # Postfix master process local policy
 115 #
 116
 117 # chown is to set the correct ownership of queue dirs
 118 allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config };
 119 allow postfix_master_t self:fifo_file rw_fifo_file_perms;
 120 allow postfix_master_t self:tcp_socket create_stream_socket_perms;
 121 allow postfix_master_t self:udp_socket create_socket_perms;
 122 allow postfix_master_t self:process setrlimit;
 123
 124 allow postfix_master_t postfix_etc_t:dir rw_dir_perms;
 125 allow postfix_master_t postfix_etc_t:file rw_file_perms;
 126 mta_filetrans_aliases(postfix_master_t, postfix_etc_t)
 127
 128 can_exec(postfix_master_t, postfix_exec_t)
 129
 130 allow postfix_master_t postfix_data_t:dir manage_dir_perms;
 131 allow postfix_master_t postfix_data_t:file manage_file_perms;
 132
 133 allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
 134
 135 allow postfix_master_t postfix_postdrop_exec_t:file getattr;
 136
 137 allow postfix_master_t postfix_postqueue_exec_t:file getattr;
 138
 139 manage_fifo_files_pattern(postfix_master_t, postfix_private_t, postfix_private_t)
 140 manage_sock_files_pattern(postfix_master_t, postfix_private_t, postfix_private_t)
 141
 142 domtrans_pattern(postfix_master_t, postfix_postqueue_exec_t, postfix_postqueue_t)
 143
 144 allow postfix_master_t postfix_prng_t:file rw_file_perms;
 145
 146 manage_fifo_files_pattern(postfix_master_t, postfix_public_t, postfix_public_t)
 147 manage_sock_files_pattern(postfix_master_t, postfix_public_t, postfix_public_t)
 148
 149 domtrans_pattern(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
 150
 151 # allow access to deferred queue and allow removing bogus incoming entries
 152 manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
 153 manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
 154 files_spool_filetrans(postfix_master_t, postfix_spool_t, dir)
 155
 156 allow postfix_master_t postfix_spool_bounce_t:dir manage_dir_perms;
 157 allow postfix_master_t postfix_spool_bounce_t:file getattr;
 158
 159 manage_dirs_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
 160 manage_files_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
 161 manage_lnk_files_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
 162
 163 delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 164 rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 165 setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 166
 167 kernel_read_all_sysctls(postfix_master_t)
 168
 169 corenet_all_recvfrom_unlabeled(postfix_master_t)
 170 corenet_all_recvfrom_netlabel(postfix_master_t)
 171 corenet_tcp_sendrecv_generic_if(postfix_master_t)
 172 corenet_udp_sendrecv_generic_if(postfix_master_t)
 173 corenet_tcp_sendrecv_generic_node(postfix_master_t)
 174 corenet_udp_sendrecv_generic_node(postfix_master_t)
 175 corenet_tcp_sendrecv_all_ports(postfix_master_t)
 176 corenet_udp_sendrecv_all_ports(postfix_master_t)
 177 corenet_udp_bind_generic_node(postfix_master_t)
 178 corenet_udp_bind_all_unreserved_ports(postfix_master_t)
 179 corenet_dontaudit_udp_bind_all_ports(postfix_master_t)
 180 corenet_tcp_bind_generic_node(postfix_master_t)
 181 corenet_tcp_bind_amavisd_send_port(postfix_master_t)
 182 corenet_tcp_bind_smtp_port(postfix_master_t)
 183 corenet_tcp_connect_all_ports(postfix_master_t)
 184 corenet_sendrecv_amavisd_send_server_packets(postfix_master_t)
 185 corenet_sendrecv_smtp_server_packets(postfix_master_t)
 186 corenet_sendrecv_all_client_packets(postfix_master_t)
 187
 188 # for a find command
 189 selinux_dontaudit_search_fs(postfix_master_t)
 190
 191 corecmd_exec_shell(postfix_master_t)
 192 corecmd_exec_bin(postfix_master_t)
 193
 194 domain_use_interactive_fds(postfix_master_t)
 195
 196 files_read_usr_files(postfix_master_t)
 197 files_search_var_lib(postfix_master_t)
 198 files_search_tmp(postfix_master_t)
 199
 200 term_dontaudit_search_ptys(postfix_master_t)
 201
 202 miscfiles_read_man_pages(postfix_master_t)
 203
 204 seutil_sigchld_newrole(postfix_master_t)
 205 # postfix does a "find" on startup for some reason - keep it quiet
 206 seutil_dontaudit_search_config(postfix_master_t)
 207
 208 mta_rw_aliases(postfix_master_t)
 209 mta_read_sendmail_bin(postfix_master_t)
 210 mta_getattr_spool(postfix_master_t)
 211
 212 ifdef(`distro_redhat',`
 213         # for newer main.cf that uses /etc/aliases
 214         mta_manage_aliases(postfix_master_t)
 215         mta_etc_filetrans_aliases(postfix_master_t)
 216 ')
 217
 218 optional_policy(`
 219         cyrus_stream_connect(postfix_master_t)
 220 ')
 221
 222 optional_policy(`
 223         kerberos_keytab_template(postfix, postfix_t)
 224 ')
 225
 226 optional_policy(`
 227 #       for postalias
 228         mailman_manage_data_files(postfix_master_t)
 229 ')
 230
 231 optional_policy(`
 232         mysql_stream_connect(postfix_master_t)
 233 ')
 234
 235 optional_policy(`
 236         postgrey_search_spool(postfix_master_t)
 237 ')
 238
 239 optional_policy(`
 240         sendmail_signal(postfix_master_t)
 241 ')
 242
 243 ########################################
 244 #
 245 # Postfix bounce local policy
 246 #
 247
 248 allow postfix_bounce_t self:capability dac_read_search;
 249 allow postfix_bounce_t self:tcp_socket create_socket_perms;
 250
 251 allow postfix_bounce_t postfix_public_t:sock_file write;
 252 allow postfix_bounce_t postfix_public_t:dir search;
 253
 254 manage_dirs_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
 255 manage_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
 256 manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
 257 files_spool_filetrans(postfix_bounce_t, postfix_spool_t, dir)
 258
 259 manage_dirs_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
 260 manage_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
 261 manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
 262
 263 ########################################
 264 #
 265 # Postfix cleanup local policy
 266 #
 267
 268 allow postfix_cleanup_t self:process setrlimit;
 269
 270 # connect to master process
 271 stream_connect_pattern(postfix_cleanup_t, postfix_private_t, postfix_private_t, postfix_master_t)
 272
 273 rw_fifo_files_pattern(postfix_cleanup_t, postfix_public_t, postfix_public_t)
 274 write_sock_files_pattern(postfix_cleanup_t, postfix_public_t, postfix_public_t)
 275
 276 manage_dirs_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
 277 manage_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
 278 manage_lnk_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
 279 files_spool_filetrans(postfix_cleanup_t, postfix_spool_t, dir)
 280
 281 allow postfix_cleanup_t postfix_spool_bounce_t:dir list_dir_perms;
 282
 283 corecmd_exec_bin(postfix_cleanup_t)
 284
 285 mta_read_aliases(postfix_cleanup_t)
 286
 287 optional_policy(`
 288         mailman_read_data_files(postfix_cleanup_t)
 289 ')
 290
 291 ########################################
 292 #
 293 # Postfix local local policy
 294 #
 295
 296 allow postfix_local_t self:fifo_file rw_fifo_file_perms;
 297 allow postfix_local_t self:process { setsched setrlimit };
 298
 299 # connect to master process
 300 stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, postfix_master_t)
 301
 302 # for .forward - maybe we need a new type for it?
 303 rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
 304
 305 allow postfix_local_t postfix_spool_t:file rw_file_perms;
 306
 307 corecmd_exec_shell(postfix_local_t)
 308 corecmd_exec_bin(postfix_local_t)
 309
 310 files_read_etc_files(postfix_local_t)
 311
 312 logging_dontaudit_search_logs(postfix_local_t)
 313
 314 mta_read_aliases(postfix_local_t)
 315 mta_delete_spool(postfix_local_t)
 316 # For reading spamassasin
 317 mta_read_config(postfix_local_t)
 318
 319 domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
 320 # Might be a leak, but I need a postfix expert to explain
 321 allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
 322
 323 optional_policy(`
 324         clamav_search_lib(postfix_local_t)
 325         clamav_exec_clamscan(postfix_local_t)
 326 ')
 327
 328 optional_policy(`
 329 #       for postalias
 330         mailman_manage_data_files(postfix_local_t)
 331         mailman_append_log(postfix_local_t)
 332         mailman_read_log(postfix_local_t)
 333 ')
 334
 335 optional_policy(`
 336         nagios_search_spool(postfix_local_t)
 337 ')
 338
 339 optional_policy(`
 340         procmail_domtrans(postfix_local_t)
 341 ')
 342
 343 optional_policy(`
 344         zarafa_deliver_domtrans(postfix_local_t)
 345 ')
 346
 347 ########################################
 348 #
 349 # Postfix map local policy
 350 #
 351 allow postfix_map_t self:capability { dac_override setgid setuid };
 352 allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
 353 allow postfix_map_t self:unix_dgram_socket create_socket_perms;
 354 allow postfix_map_t self:tcp_socket create_stream_socket_perms;
 355 allow postfix_map_t self:udp_socket create_socket_perms;
 356
 357 manage_dirs_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
 358 manage_files_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
 359 manage_lnk_files_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
 360
 361 manage_dirs_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
 362 manage_files_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
 363 files_tmp_filetrans(postfix_map_t, postfix_map_tmp_t, { file dir })
 364
 365 kernel_read_kernel_sysctls(postfix_map_t)
 366 kernel_dontaudit_list_proc(postfix_map_t)
 367 kernel_dontaudit_read_system_state(postfix_map_t)
 368
 369 corenet_all_recvfrom_unlabeled(postfix_map_t)
 370 corenet_all_recvfrom_netlabel(postfix_map_t)
 371 corenet_tcp_sendrecv_generic_if(postfix_map_t)
 372 corenet_udp_sendrecv_generic_if(postfix_map_t)
 373 corenet_tcp_sendrecv_generic_node(postfix_map_t)
 374 corenet_udp_sendrecv_generic_node(postfix_map_t)
 375 corenet_tcp_sendrecv_all_ports(postfix_map_t)
 376 corenet_udp_sendrecv_all_ports(postfix_map_t)
 377 corenet_tcp_connect_all_ports(postfix_map_t)
 378 corenet_sendrecv_all_client_packets(postfix_map_t)
 379
 380 corecmd_list_bin(postfix_map_t)
 381 corecmd_read_bin_symlinks(postfix_map_t)
 382 corecmd_read_bin_files(postfix_map_t)
 383 corecmd_read_bin_pipes(postfix_map_t)
 384 corecmd_read_bin_sockets(postfix_map_t)
 385
 386 files_list_home(postfix_map_t)
 387 files_read_usr_files(postfix_map_t)
 388 files_read_etc_files(postfix_map_t)
 389 files_read_etc_runtime_files(postfix_map_t)
 390 files_dontaudit_search_var(postfix_map_t)
 391
 392 auth_use_nsswitch(postfix_map_t)
 393
 394 logging_send_syslog_msg(postfix_map_t)
 395
 396 miscfiles_read_localization(postfix_map_t)
 397
 398 optional_policy(`
 399         locallogin_dontaudit_use_fds(postfix_map_t)
 400 ')
 401
 402 optional_policy(`
 403 #       for postalias
 404         mailman_manage_data_files(postfix_map_t)
 405 ')
 406
 407 ########################################
 408 #
 409 # Postfix pickup local policy
 410 #
 411
 412 allow postfix_pickup_t self:tcp_socket create_socket_perms;
 413
 414 stream_connect_pattern(postfix_pickup_t, postfix_private_t, postfix_private_t, postfix_master_t)
 415
 416 rw_fifo_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
 417 rw_sock_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
 418
 419 postfix_list_spool(postfix_pickup_t)
 420
 421 allow postfix_pickup_t postfix_spool_maildrop_t:dir list_dir_perms;
 422 read_files_pattern(postfix_pickup_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 423 delete_files_pattern(postfix_pickup_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 424
 425 ########################################
 426 #
 427 # Postfix pipe local policy
 428 #
 429
 430 allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
 431 allow postfix_pipe_t self:process setrlimit;
 432
 433 write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
 434
 435 write_fifo_files_pattern(postfix_pipe_t, postfix_public_t, postfix_public_t)
 436
 437 rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
 438
 439 domtrans_pattern(postfix_pipe_t, postfix_postdrop_exec_t, postfix_postdrop_t)
 440
 441 corecmd_exec_bin(postfix_pipe_t)
 442
 443 optional_policy(`
 444         dovecot_domtrans_deliver(postfix_pipe_t)
 445 ')
 446
 447 optional_policy(`
 448         procmail_domtrans(postfix_pipe_t)
 449 ')
 450
 451 optional_policy(`
 452         mailman_domtrans_queue(postfix_pipe_t)
 453 ')
 454
 455 optional_policy(`
 456         mta_manage_spool(postfix_pipe_t)
 457         mta_send_mail(postfix_pipe_t)
 458 ')
 459
 460 optional_policy(`
 461         spamassassin_domtrans_client(postfix_pipe_t)
 462         spamassassin_kill_client(postfix_pipe_t)
 463 ')
 464
 465 optional_policy(`
 466         uucp_domtrans_uux(postfix_pipe_t)
 467 ')
 468
 469 ########################################
 470 #
 471 # Postfix postdrop local policy
 472 #
 473
 474 # usually it does not need a UDP socket
 475 allow postfix_postdrop_t self:capability sys_resource;
 476 allow postfix_postdrop_t self:tcp_socket create;
 477 allow postfix_postdrop_t self:udp_socket create_socket_perms;
 478
 479 rw_fifo_files_pattern(postfix_postdrop_t, postfix_public_t, postfix_public_t)
 480
 481 postfix_list_spool(postfix_postdrop_t)
 482 manage_files_pattern(postfix_postdrop_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 483
 484 corenet_udp_sendrecv_generic_if(postfix_postdrop_t)
 485 corenet_udp_sendrecv_generic_node(postfix_postdrop_t)
 486
 487 term_dontaudit_use_all_ptys(postfix_postdrop_t)
 488 term_dontaudit_use_all_ttys(postfix_postdrop_t)
 489
 490 mta_rw_user_mail_stream_sockets(postfix_postdrop_t)
 491
 492 optional_policy(`
 493         apache_dontaudit_rw_fifo_file(postfix_postdrop_t)
 494 ')
 495
 496 optional_policy(`
 497         cron_system_entry(postfix_postdrop_t, postfix_postdrop_exec_t)
 498 ')
 499
 500 # https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239951
 501 optional_policy(`
 502         fstools_read_pipes(postfix_postdrop_t)
 503 ')
 504
 505 optional_policy(`
 506         sendmail_rw_unix_stream_sockets(postfix_postdrop_t)
 507 ')
 508
 509 optional_policy(`
 510         uucp_manage_spool(postfix_postdrop_t)
 511 ')
 512
 513 #######################################
 514 #
 515 # Postfix postqueue local policy
 516 #
 517
 518 allow postfix_postqueue_t self:tcp_socket create;
 519 allow postfix_postqueue_t self:udp_socket { create ioctl };
 520
 521 # wants to write to /var/spool/postfix/public/showq
 522 stream_connect_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t, postfix_master_t)
 523
 524 # write to /var/spool/postfix/public/qmgr
 525 write_fifo_files_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t)
 526
 527 domtrans_pattern(postfix_postqueue_t, postfix_showq_exec_t, postfix_showq_t)
 528
 529 # to write the mailq output, it really should not need read access!
 530 term_use_all_ptys(postfix_postqueue_t)
 531 term_use_all_ttys(postfix_postqueue_t)
 532
 533 init_sigchld_script(postfix_postqueue_t)
 534 init_use_script_fds(postfix_postqueue_t)
 535
 536 optional_policy(`
 537         cron_system_entry(postfix_postqueue_t, postfix_postqueue_exec_t)
 538 ')
 539
 540 optional_policy(`
 541         ppp_use_fds(postfix_postqueue_t)
 542         ppp_sigchld(postfix_postqueue_t)
 543 ')
 544
 545 ########################################
 546 #
 547 # Postfix qmgr local policy
 548 #
 549
 550 stream_connect_pattern(postfix_qmgr_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
 551
 552 rw_fifo_files_pattern(postfix_qmgr_t, postfix_public_t, postfix_public_t)
 553
 554 # for /var/spool/postfix/active
 555 manage_dirs_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
 556 manage_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
 557 manage_lnk_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
 558 files_spool_filetrans(postfix_qmgr_t, postfix_spool_t, dir)
 559
 560 allow postfix_qmgr_t postfix_spool_bounce_t:dir list_dir_perms;
 561 allow postfix_qmgr_t postfix_spool_bounce_t:file read_file_perms;
 562 allow postfix_qmgr_t postfix_spool_bounce_t:lnk_file { getattr read };
 563
 564 corecmd_exec_bin(postfix_qmgr_t)
 565
 566 ########################################
 567 #
 568 # Postfix showq local policy
 569 #
 570
 571 allow postfix_showq_t self:capability { setuid setgid };
 572 allow postfix_showq_t self:tcp_socket create_socket_perms;
 573
 574 allow postfix_showq_t postfix_master_t:unix_stream_socket { accept rw_socket_perms };
 575
 576 allow postfix_showq_t postfix_spool_t:file read_file_perms;
 577
 578 postfix_list_spool(postfix_showq_t)
 579
 580 allow postfix_showq_t postfix_spool_maildrop_t:dir list_dir_perms;
 581 allow postfix_showq_t postfix_spool_maildrop_t:file read_file_perms;
 582 allow postfix_showq_t postfix_spool_maildrop_t:lnk_file { getattr read };
 583
 584 # to write the mailq output, it really should not need read access!
 585 term_use_all_ptys(postfix_showq_t)
 586 term_use_all_ttys(postfix_showq_t)
 587
 588 ########################################
 589 #
 590 # Postfix smtp delivery local policy
 591 #
 592
 593 # connect to master process
 594 allow postfix_smtp_t self:capability sys_chroot;
 595 stream_connect_pattern(postfix_smtp_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
 596
 597 allow postfix_smtp_t postfix_prng_t:file rw_file_perms;
 598
 599 allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
 600
 601 files_search_all_mountpoints(postfix_smtp_t)
 602
 603 optional_policy(`
 604         cyrus_stream_connect(postfix_smtp_t)
 605 ')
 606
 607 optional_policy(`
 608         milter_stream_connect_all(postfix_smtp_t)
 609 ')
 610
 611 ########################################
 612 #
 613 # Postfix smtpd local policy
 614 #
 615 allow postfix_smtpd_t postfix_master_t:tcp_socket rw_stream_socket_perms;
 616
 617 # connect to master process
 618 stream_connect_pattern(postfix_smtpd_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
 619
 620 # Connect to policy server
 621 corenet_tcp_connect_postfix_policyd_port(postfix_smtpd_t)
 622
 623 # for prng_exch
 624 allow postfix_smtpd_t postfix_spool_t:file rw_file_perms;
 625 allow postfix_smtpd_t postfix_prng_t:file rw_file_perms;
 626
 627 corecmd_exec_bin(postfix_smtpd_t)
 628
 629 # for OpenSSL certificates
 630 files_read_usr_files(postfix_smtpd_t)
 631
 632 # postfix checks the size of all mounted file systems
 633 fs_getattr_all_dirs(postfix_smtpd_t)
 634 fs_getattr_all_fs(postfix_smtpd_t)
 635
 636 mta_read_aliases(postfix_smtpd_t)
 637
 638 optional_policy(`
 639         dovecot_stream_connect_auth(postfix_smtpd_t)
 640 ')
 641
 642 optional_policy(`
 643         mailman_read_data_files(postfix_smtpd_t)
 644 ')
 645
 646 optional_policy(`
 647         postgrey_stream_connect(postfix_smtpd_t)
 648 ')
 649
 650 optional_policy(`
 651         sasl_connect(postfix_smtpd_t)
 652 ')
 653
 654 ########################################
 655 #
 656 # Postfix virtual local policy
 657 #
 658
 659 allow postfix_virtual_t self:fifo_file rw_fifo_file_perms;
 660 allow postfix_virtual_t self:process { setsched setrlimit };
 661
 662 allow postfix_virtual_t postfix_spool_t:file rw_file_perms;
 663
 664 # connect to master process
 665 stream_connect_pattern(postfix_virtual_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
 666
 667 corecmd_exec_shell(postfix_virtual_t)
 668 corecmd_exec_bin(postfix_virtual_t)
 669
 670 files_read_etc_files(postfix_virtual_t)
 671 files_read_usr_files(postfix_virtual_t)
 672
 673 mta_read_aliases(postfix_virtual_t)
 674 mta_delete_spool(postfix_virtual_t)
 675 # For reading spamassasin
 676 mta_read_config(postfix_virtual_t)
 677 mta_manage_spool(postfix_virtual_t)
 678
 679 userdom_manage_user_home_dirs(postfix_virtual_t)
 680 userdom_manage_user_home_content(postfix_virtual_t)
 681 userdom_home_filetrans_user_home_dir(postfix_virtual_t)
 682 userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })