Hi folks
I'm trying to figure out why the Postfix policy is as it is currently in the
reference policy. It looks as if the administrative tasks (like postqueue,
postsuper, ...) as shielded from being used by default by any role (not even
sysadm_r).
Unlike most other services I encounter, where sysadm_r has been granted the
necessary permissions to transition towards the management domains of those
services, this seems to be explicitly not added for Postfix. What is the
reasoning behind this?
I could assume that this is so that system administrators cannot access nor
manipulate the e-mails sent from the users (i.e. privacy), but a system
administrator is well able to read files in /var/spool/postfix/* so I'm
guessing this is not the case.
One of the reasons why I recon that it is not meant for sysadm to call the
postfix administrative commands is that there is no interface that allows
him to do so: postfix_domtrans_master won't work as sysadm_r is never
allowed to transition to the postfix_master_t domain (nor execute
postfix_master_exec_t).
Wkr,
Sven Vermeulen
>I'm trying to figure out why the Postfix policy is as it is currently
>in the
>reference policy. It looks as if the administrative tasks (like
>postqueue,
>postsuper, ...) as shielded from being used by default by any role (not
>even
>sysadm_r).
The Postfix policy was written to allow all the operations that are performed in normal operation. There was no deliberate attempt to restrict sysadm_r.
--
My blog http://etbe.coker.com.au
Sent from an Xperia X10 Android phone