From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 17 Nov 2012 21:58:52 +0100
Subject: [refpolicy] [PATCH v1 6/9] Additional postfix admin requirements
In-Reply-To: <1353185935-17421-1-git-send-email-sven.vermeulen@siphos.be>
References: <1353185935-17421-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1353185935-17421-7-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When administering postfix, the admin also needs to be able to run master
(without transitioning - for instance for configuration file integrity
validation), postqueue (for handling the queues) as well as have stream-connect
rights towards the master (for the postfix clients that interact with a running
master daemon through a socket).

Adding those inside postfix_admin().

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 postfix.if |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/postfix.if b/postfix.if
index 69cf332..2e23946 100644
--- a/postfix.if
+++ b/postfix.if
@@ -739,5 +739,8 @@ interface(`postfix_admin',`
 	files_search_tmp($1)
 	admin_pattern($1, { postfix_server_tmp_content postfix_map_tmp_t })
 
+	postfix_exec_master($1)
+	postfix_exec_postqueue($1)
+	postfix_stream_connect_master($1)
 	postfix_run_map($1, $2)
 ')
-- 
1.7.8.6