postfixpolicyd: split multi-class rule

The rule uses the permission manage_file_perms on the classes file and
sock_file.  This won't result in a change in the actual policy
generated, but if the definitions of macros are changed going forward,
the mismatches could cause issues.

Found by SELint

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
This commit is contained in:
Christian Göttsche 2020-08-25 20:43:14 +02:00
parent bdb9ffd00e
commit 850fefc626
1 changed files with 2 additions and 1 deletions

View File

@ -37,7 +37,8 @@ allow postfix_policyd_t postfix_policyd_conf_t:lnk_file read_lnk_file_perms;
manage_files_pattern(postfix_policyd_t, postfix_policyd_runtime_t, postfix_policyd_runtime_t) manage_files_pattern(postfix_policyd_t, postfix_policyd_runtime_t, postfix_policyd_runtime_t)
files_runtime_filetrans(postfix_policyd_t, postfix_policyd_runtime_t, file) files_runtime_filetrans(postfix_policyd_t, postfix_policyd_runtime_t, file)
allow postfix_policyd_t postfix_policyd_tmp_t:{ file sock_file } manage_file_perms; allow postfix_policyd_t postfix_policyd_tmp_t:file manage_file_perms;
allow postfix_policyd_t postfix_policyd_tmp_t:sock_file manage_sock_file_perms;
files_tmp_filetrans(postfix_policyd_t, postfix_policyd_tmp_t, { file sock_file }) files_tmp_filetrans(postfix_policyd_t, postfix_policyd_tmp_t, { file sock_file })
kernel_search_network_sysctl(postfix_policyd_t) kernel_search_network_sysctl(postfix_policyd_t)