From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sat, 17 Nov 2012 21:58:52 +0100 Subject: [refpolicy] [PATCH v1 6/9] Additional postfix admin requirements In-Reply-To: <1353185935-17421-1-git-send-email-sven.vermeulen@siphos.be> References: <1353185935-17421-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1353185935-17421-7-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com When administering postfix, the admin also needs to be able to run master (without transitioning - for instance for configuration file integrity validation), postqueue (for handling the queues) as well as have stream-connect rights towards the master (for the postfix clients that interact with a running master daemon through a socket). Adding those inside postfix_admin(). Signed-off-by: Sven Vermeulen --- postfix.if | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/postfix.if b/postfix.if index 69cf332..2e23946 100644 --- a/postfix.if +++ b/postfix.if @@ -739,5 +739,8 @@ interface(`postfix_admin',` files_search_tmp($1) admin_pattern($1, { postfix_server_tmp_content postfix_map_tmp_t }) + postfix_exec_master($1) + postfix_exec_postqueue($1) + postfix_stream_connect_master($1) postfix_run_map($1, $2) ') -- 1.7.8.6