[selinux-policy: 3106/3172] Internal interaction goes before external interface calls.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:36:16 UTC 2010
commit a7b40a9c25b105528e96e99737517989af0c58e9
Author: Dominick Grift <domg472 at gmail.com>
Date: Thu Sep 23 13:57:06 2010 +0200
Internal interaction goes before external interface calls.
policy/modules/services/postfix.te | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index ea6fa96..8dd52ce 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -293,6 +293,10 @@ stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, post
# for .forward - maybe we need a new type for it?
rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
+domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+# Might be a leak, but I need a postfix expert to explain
+allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
+
allow postfix_local_t postfix_spool_t:file rw_file_perms;
corecmd_exec_shell(postfix_local_t)
@@ -309,10 +313,6 @@ mta_read_config(postfix_local_t)
# Handle vacation script
mta_send_mail(postfix_local_t)
-domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
-# Might be a leak, but I need a postfix expert to explain
-allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
-
userdom_read_user_home_content_files(postfix_local_t)
tunable_policy(`allow_postfix_local_write_mail_spool',`
More information about the scm-commits
mailing list