Dontaudit leaked file descriptors to postdrop

author Dan Walsh <dwalsh@redhat.com>

Mon, 18 Jul 2011 14:18:43 +0000 (10:18 -0400)

committer Dan Walsh <dwalsh@redhat.com>

Mon, 18 Jul 2011 14:18:43 +0000 (10:18 -0400)
author Dan Walsh <dwalsh@redhat.com>
Mon, 18 Jul 2011 14:18:43 +0000 (10:18 -0400)
committer Dan Walsh <dwalsh@redhat.com>
Mon, 18 Jul 2011 14:18:43 +0000 (10:18 -0400)
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if

index c22af867b022991d4092321631cae45f0ef9d6d5..9e2714e10c4572a9c43f2a218df0f745ce23be0f 100644 (file)
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -800,4 +800,8 @@ interface(`postfix_run_postdrop',`
  
         postfix_domtrans_postdrop($1)
         role $2 types postfix_postdrop_t;
+
+       ifdef(`hide_broken_symptoms', `
+               dontaudit postfix_postdrop_t $1:socket_class_set { getattr read write };
+       ')
  ')
author	Dan Walsh <dwalsh@redhat.com>
	Mon, 18 Jul 2011 14:18:43 +0000 (10:18 -0400)
committer	Dan Walsh <dwalsh@redhat.com>
	Mon, 18 Jul 2011 14:18:43 +0000 (10:18 -0400)