diff options
| author |   Kenton Groombridge <concord@gentoo.org> | 2024-06-27 13:20:12 -0400 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2024-09-21 15:28:29 -0700 |
| commit | 5b240290c9e4763ccfc1bef81c3fe39e31a08fd2 (patch) | |
| tree | 00e5df455131274b701c0fa478b7a3597aa0c2e5 | |
| parent | netutils: allow ping to read net sysctls (diff) | |
| download | hardened-refpolicy-5b240290c9e4763ccfc1bef81c3fe39e31a08fd2.tar.gz hardened-refpolicy-5b240290c9e4763ccfc1bef81c3fe39e31a08fd2.tar.bz2 hardened-refpolicy-5b240290c9e4763ccfc1bef81c3fe39e31a08fd2.zip | |
postfix: allow postfix pipe to watch mail spool
type=AVC msg=audit(1719451104.395:18364): avc: denied { watch } for pid=288883 comm="deliver" path="/var/spool/mail/domains/concord.sh/me@concord.sh/mail/dovecot-uidlist.lock" dev="dm-0" ino=17638966 scontext=system_u:system_r:postfix_pipe_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file permissive=0
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
| -rw-r--r-- | policy/modules/services/postfix.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te index b87c6afb..071dc748 100644 --- a/policy/modules/services/postfix.te +++ b/policy/modules/services/postfix.te @@ -615,6 +615,7 @@ optional_policy(` optional_policy(` mta_manage_spool(postfix_pipe_t) + mta_watch_spool(postfix_pipe_t) mta_send_mail(postfix_pipe_t) ') |