commit: 39073b3161feea2f4e2cbe3c36579127fc235ed6
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat May 16 11:28:57 2015 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat May 16 11:28:57 2015 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=39073b31
Additional rights for postfix admin
policy/modules/contrib/postfix.if | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/policy/modules/contrib/postfix.if
b/policy/modules/contrib/postfix.if
index a7ec448..8bc856e 100644
--- a/policy/modules/contrib/postfix.if
+++ b/policy/modules/contrib/postfix.if
@@ -761,5 +761,13 @@ interface(`postfix_admin',`
# Allow postfix admin to send message to log files, needed
during operations like "postfix reload"
logging_send_syslog_msg($1)
+
+ # Reloading the system through postfix reload needs a few
permissions
+ # "postfix: fatal: socket: Permission denied"
+ allow $1 self:tcp_socket create_stream_socket_perms;
+ # "postfix: fatal: inet_addr_local[getifaddrs]: getifaddrs:
Permission denied"
+ allow $1 self:netlink_route_socket r_netlink_socket_perms;
+ # "postsuper: fatal: setuid(207): Operation not permitted"
+ allow $1 self:capability { setuid setgid };
')
')
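Review bot: The three `allow $1 self:...` rules added at the end of `postfix_admin` grant the permissions to the calling admin domain itself, so `self:capability { setuid setgid }` applies to every program that runs in that domain, not only to postsuper. If postfix and postsuper really do run in the admin domain without a transition, as the quoted errors suggest, a comment such as `# postsuper runs in the caller's domain here, hence the capability on $1` would record why the grant is this broad. The quoted failure for the TCP socket is only `socket: Permission denied`, so it is worth checking whether `allow $1 self:tcp_socket create_socket_perms;` is enough, since `create_stream_socket_perms` also adds listen and accept. The interface body starts before the hunk, and the two closing `')` suggest the new rules sit inside a nested block that is not visible here.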