commit: 105c5c80ee234d6bed09a47fa36746382e3830f7
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri May 15 13:25:06 2015 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri May 15 13:25:06 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=105c5c80
postmap is a user command
When a postfix admin updates a postfix database, he has to call
"postmap hash:/etc/postfix/databasename" in order to regenerate the
database (in case of a hash database in the example).
To allow postmap to give feedback on errors, grant it access to the user
terminals and private file descriptors of the admin.
policy/modules/contrib/postfix.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/contrib/postfix.te
b/policy/modules/contrib/postfix.te
index afc1fde..1c0a34c 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -500,6 +500,8 @@ corecmd_read_bin_files(postfix_map_t)
corecmd_read_bin_pipes(postfix_map_t)
corecmd_read_bin_sockets(postfix_map_t)
+domain_use_interactive_fds(postfix_map_t)
+
files_list_home(postfix_map_t)
files_read_usr_files(postfix_map_t)
files_read_etc_runtime_files(postfix_map_t)
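Review bot: the added domain_use_interactive_fds(postfix_map_t) line sits in postfix.te itself, so it applies to every caller that ends up in postfix_map_t, not only to the postfix admin the commit message describes. If that breadth is intended, add a short comment above the line saying it exists so postmap can report errors to the invoking user; if only admin roles should get it, the grant would fit better wherever those roles are given access to postmap. The alphabetical placement between the corecmd_ and files_ calls is fine.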
@@ -511,6 +513,8 @@ logging_send_syslog_msg(postfix_map_t)
miscfiles_read_localization(postfix_map_t)
+userdom_use_user_terminals(postfix_map_t)
+
optional_policy(`
locallogin_dontaudit_use_fds(postfix_map_t)
')
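Review bot: with userdom_use_user_terminals(postfix_map_t) added directly above the optional_policy block, and domain_use_interactive_fds(postfix_map_t) added in the previous hunk, check whether locallogin_dontaudit_use_fds(postfix_map_t) in the context lines is still wanted. If the login program's descriptors are among the interactive fds now allowed, the dontaudit no longer suppresses anything and should be dropped in this commit, or kept with a comment explaining what it still covers. A one-line comment on the new terminal grant ("needed for postmap error output") would also help, since the reason is stated only in the commit message.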