From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sat, 11 Aug 2012 20:59:53 +0200 Subject: [refpolicy] [PATCH v1 5/6] Allow postfix local to change ownership of mailfiles In-Reply-To: <1344711594-11687-1-git-send-email-sven.vermeulen@siphos.be> References: <1344711594-11687-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1344711594-11687-6-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com When the postfix local service delivers a file to a user mailbox, but that mailbox doesn't exist, then the service creates the mailbox and wants to change the ownership of the file. This needs the chown capability. Signed-off-by: Sven Vermeulen --- postfix.te | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/postfix.te b/postfix.te index d691ed1..e50742e 100644 --- a/postfix.te +++ b/postfix.te @@ -278,6 +278,7 @@ optional_policy(` # Postfix local local policy # +allow postfix_local_t self:capability chown; allow postfix_local_t self:fifo_file rw_fifo_file_perms; allow postfix_local_t self:process { setsched setrlimit }; -- 1.7.8.6
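Review bot: The added `allow postfix_local_t self:capability chown;` at the top of the "Postfix local local policy" block is granted to the whole domain unconditionally, while the commit message justifies it only for the case where a missing mailbox is created. Please include the AVC denial that motivated the rule in the commit message so the need can be checked. SELinux also requires setattr permission on the target file before ownership can change, so it would help to state which file types postfix_local_t is expected to chown (the mailbox files the message mentions). That lets a reviewer confirm the capability cannot be used on anything beyond those files.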