allow postfix_$1_t self:unix_dgram_socket create_socket_perms;
allow postfix_$1_t self:unix_stream_socket create_stream_socket_perms;
allow postfix_$1_t self:unix_stream_socket connectto;
+ allow postfix_$1_t self:fifo_file rw_fifo_file_perms;
allow postfix_master_t postfix_$1_t:process signal;
#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244456
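Review bot: The added `allow postfix_$1_t self:fifo_file rw_fifo_file_perms;` applies to every domain this template instantiates, not only the six (master, local, pickup, pipe, qmgr, virtual) whose per-domain rules are removed further down. Any other template-generated postfix domain therefore gains a permission it did not hold before. The grant is limited to `self`, so the widening is narrow, but it should be recorded as deliberate with a comment above the rule, for example `# pipe access to self, common to all postfix domains (was granted per domain)`. The removals also assume each of those six types is created through this template, which these hunks do not show; if `postfix_master_t` is declared separately it loses the rule and would surface as fifo_file AVC denials after the policy is loaded. The template body starts and ends outside this hunk.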
# chown is to set the correct ownership of queue dirs
allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config };
allow postfix_master_t self:process setrlimit;
-allow postfix_master_t self:fifo_file rw_fifo_file_perms;
allow postfix_master_t self:tcp_socket create_stream_socket_perms;
allow postfix_master_t self:udp_socket create_socket_perms;
#
allow postfix_local_t self:process { setsched setrlimit };
-allow postfix_local_t self:fifo_file rw_fifo_file_perms;
# connect to master process
stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, postfix_master_t)
# Postfix pickup local policy
#
-allow postfix_pickup_t self:fifo_file rw_fifo_file_perms;
allow postfix_pickup_t self:tcp_socket create_socket_perms;
stream_connect_pattern(postfix_pickup_t, postfix_private_t, postfix_private_t, postfix_master_t)
#
allow postfix_pipe_t self:process setrlimit;
-allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
# Postfix qmgr local policy
#
-allow postfix_qmgr_t self:fifo_file rw_fifo_file_perms;
-
stream_connect_pattern(postfix_qmgr_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
rw_fifo_files_pattern(postfix_qmgr_t, postfix_public_t, postfix_public_t)
#
allow postfix_virtual_t self:process { setsched setrlimit };
-allow postfix_virtual_t self:fifo_file rw_fifo_file_perms;
allow postfix_virtual_t postfix_spool_t:file rw_file_perms;