From d23b2a093fb7014fa2f3e6580ad86462bf7ddec2 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Mon, 28 Nov 2011 22:24:02 -0500
Subject: [PATCH] Allow all postfix domains to use the fifo_file
---
 policy/modules/services/postfix.if | 1 +
 policy/modules/services/postfix.te | 7 -------
 2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index 2216f6ae..1fbe0fae 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -40,6 +40,7 @@ template(`postfix_domain_template',`
 allow postfix_$1_t self:unix_dgram_socket create_socket_perms;
 allow postfix_$1_t self:unix_stream_socket create_stream_socket_perms;
 allow postfix_$1_t self:unix_stream_socket connectto;
+ allow postfix_$1_t self:fifo_file rw_fifo_file_perms;
 allow postfix_master_t postfix_$1_t:process signal;
 #https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244456
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 94e68b21..149da7a1 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -107,7 +107,6 @@ mta_mailserver_delivery(postfix_virtual_t)
 # chown is to set the correct ownership of queue dirs
 allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config };
 allow postfix_master_t self:process setrlimit;
-allow postfix_master_t self:fifo_file rw_fifo_file_perms;
 allow postfix_master_t self:tcp_socket create_stream_socket_perms;
 allow postfix_master_t self:udp_socket create_socket_perms;
@@ -296,7 +295,6 @@ optional_policy(`
 #
 allow postfix_local_t self:process { setsched setrlimit };
-allow postfix_local_t self:fifo_file rw_fifo_file_perms;
 # connect to master process
 stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, postfix_master_t)
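Review bot: In postfix.if the added `allow postfix_$1_t self:fifo_file rw_fifo_file_perms;` sits inside `postfix_domain_template`, so every domain instantiated from that template now receives it, not only the six types (master, local, pickup, pipe, qmgr, virtual) whose explicit rules are deleted in postfix.te. The rule is limited to `self`, so the widening is narrow, but neither the commit message nor the policy says which additional domains needed it; a comment above the line such as `# every postfix domain may read/write fifo_files labelled with its own type` would record the intent for later least-privilege reviews. The template instantiations are outside this diff, so it is worth confirming that each of the six types is actually built through `postfix_domain_template`; any that is declared separately loses the permission with this change and would surface as fifo_file AVC denials. The template body begins and ends outside the hunk.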
@@ -427,7 +425,6 @@ optional_policy(`
 # Postfix pickup local policy
 #
-allow postfix_pickup_t self:fifo_file rw_fifo_file_perms;
 allow postfix_pickup_t self:tcp_socket create_socket_perms;
 stream_connect_pattern(postfix_pickup_t, postfix_private_t, postfix_private_t, postfix_master_t)
@@ -454,7 +451,6 @@ mcs_file_write_all(postfix_pickup_t)
 #
 allow postfix_pipe_t self:process setrlimit;
-allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
 write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
@@ -579,8 +575,6 @@ optional_policy(`
 # Postfix qmgr local policy
 #
-allow postfix_qmgr_t self:fifo_file rw_fifo_file_perms;
-
 stream_connect_pattern(postfix_qmgr_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
 rw_fifo_files_pattern(postfix_qmgr_t, postfix_public_t, postfix_public_t)
@@ -712,7 +706,6 @@ optional_policy(`
 #
 allow postfix_virtual_t self:process { setsched setrlimit };
-allow postfix_virtual_t self:fifo_file rw_fifo_file_perms;
 allow postfix_virtual_t postfix_spool_t:file rw_file_perms;
-- 
2.47.3