RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

postfix: allow postfix master fsetid capability 

The postfix master will try to correct permissions on its queue
directories with chown. This can be reproduced with 'postfix
set-permissions'.

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2022-03-31 13:52:34 -04:00
parent 932bef5721
commit ed28c58eba
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/services/postfix.te
View File

@ -194,7 +194,7 @@ domain_use_interactive_fds(postfix_user_domains)
# Master local policy
#
allow postfix_master_t self:capability { chown dac_read_search dac_override fowner kill setgid setuid sys_tty_config };
allow postfix_master_t self:capability { chown dac_read_search dac_override fowner fsetid kill setgid setuid sys_tty_config };
allow postfix_master_t self:capability2 block_suspend;
allow postfix_master_t self:process setrlimit;
allow postfix_master_t self:tcp_socket create_stream_socket_perms;