role $2 types postfix_postdrop_t;
')
+########################################
+## <summary>
+## Execute postfix exec in the users domain
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_exec',`
+ gen_require(`
+ type postfix_exec_t;
+ ')
+
+ can_exec($1, postfix_exec_t)
+')
+
########################################
## <summary>
## Transition to postfix named content
modutils_domtrans_insmod(init_t)
')
+optional_policy(`
+ postfix_exec(init_t)
+ mta_read_aliases(init_t)
+')
+
tunable_policy(`init_systemd',`
allow init_t self:unix_dgram_socket { create_socket_perms sendto };
allow init_t self:process { setsockcreate setfscreate setrlimit };