mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improvements to Postfix profiles

Browse source 
* Support /usr/libexec/postfix/ path
* Added abstractions/{nameservice,postfix-common} to postfix-postscreen
* Added postfix-tlsproxy, postscreen & spawn to postfix-master
    * Added missing postfix-tlsproxy profile
* Added postscreen cache map (see <https://www.postfix.org/postconf.5.html#postscreen_cache_map>)
* Added /{var/spool/postfix/,}pid/pass.smtpd to postfix-smtpd
This commit is contained in:
pyllyukko 2024-09-18 19:12:04 +03:00
parent 4fe3e30abc
commit 4ccf567d31
31 changed files with 113 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
profiles/apparmor/profiles/extras/postfix-anvil
View file

@ -13,12 +13,12 @@
include <tunables/global>
profile postfix-anvil /usr/lib/postfix/{bin/,sbin/,}anvil {
profile postfix-anvil /usr/lib{,exec}/postfix/{bin/,sbin/,}anvil {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}anvil mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}anvil mrix,
/etc/postfix/main.cf r,
/{var/spool/postfix/,}private/anvil rw,

4
profiles/apparmor/profiles/extras/postfix-bounce
View file

@ -14,12 +14,12 @@
include <tunables/global>
profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce {
profile postfix-bounce /usr/lib{,exec}/postfix/{bin/,sbin/,}bounce {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}bounce mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}bounce mrix,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwkl,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,

4
profiles/apparmor/profiles/extras/postfix-cleanup
View file

@ -14,7 +14,7 @@
include <tunables/global>
profile postfix-cleanup /usr/lib/postfix/{bin/,sbin/,}cleanup {
profile postfix-cleanup /usr/lib{,exec}/postfix/{bin/,sbin/,}cleanup {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
@ -22,7 +22,7 @@ profile postfix-cleanup /usr/lib/postfix/{bin/,sbin/,}cleanup {
capability net_bind_service,
capability dac_read_search,
/usr/lib/postfix/{bin/,sbin/,}cleanup mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}cleanup mrix,
/{var/spool/postfix/,}incoming/[0-9]*.[0-9]* rwl,
/{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl,

4
profiles/apparmor/profiles/extras/postfix-discard
View file

@ -14,10 +14,10 @@
include <tunables/global>
profile postfix-discard /usr/lib/postfix/{bin/,sbin/,}discard {
profile postfix-discard /usr/lib{,exec}/postfix/{bin/,sbin/,}discard {
include <abstractions/base>
/usr/lib/postfix/{bin/,sbin/,}discard mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}discard mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-discard>

4
profiles/apparmor/profiles/extras/postfix-dnsblog
View file

@ -13,10 +13,10 @@
include <tunables/global>
profile postfix-dnsblog /usr/lib/postfix/{bin/,sbin/,}dnsblog {
profile postfix-dnsblog /usr/lib{,exec}/postfix/{bin/,sbin/,}dnsblog {
include <abstractions/base>
/usr/lib/postfix/{bin/,sbin/,}dnsblog mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}dnsblog mrix,
/var/spool/postfix/private/dnsblog rw,

4
profiles/apparmor/profiles/extras/postfix-error
View file

@ -14,12 +14,12 @@
include <tunables/global>
profile postfix-error /usr/lib/postfix/{bin/,sbin/,}error {
profile postfix-error /usr/lib{,exec}/postfix/{bin/,sbin/,}error {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}error mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}error mrix,
owner /var/spool/postfix/active/* rwk,
/var/spool/postfix/pid/unix.error rwk,

4
profiles/apparmor/profiles/extras/postfix-flush
View file

@ -14,12 +14,12 @@
include <tunables/global>
profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush {
profile postfix-flush /usr/lib{,exec}/postfix/{bin/,sbin/,}flush {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}flush mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}flush mrix,
/{var/spool/postfix/,}deferred/ r,
/{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/* rwl,

4
profiles/apparmor/profiles/extras/postfix-lmtp
View file

@ -14,12 +14,12 @@
include <tunables/global>
profile postfix-lmtp /usr/lib/postfix/{bin/,sbin/,}lmtp {
profile postfix-lmtp /usr/lib{,exec}/postfix/{bin/,sbin/,}lmtp {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}lmtp mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}lmtp mrix,
/var/spool/postfix/active/* rwk,
/var/spool/postfix/pid/unix.lmtp rwk,

4
profiles/apparmor/profiles/extras/postfix-local
View file

@ -14,7 +14,7 @@
include <tunables/global>
profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
profile postfix-local /usr/lib{,exec}/postfix/{bin/,sbin/,}local {
include <abstractions/base>
include <abstractions/bash>
include <abstractions/nameservice>
@ -27,7 +27,7 @@ profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
/var/mailman/mail/wrapper Px,
/usr/bin/mlmmj-recieve Px,
/usr/lib/postfix/{bin/,sbin/,}local mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}local mrix,
/{usr/,}bin/bash mixr,
/{usr/,}bin/date mixr,

43
profiles/apparmor/profiles/extras/postfix-master
View file

@ -14,7 +14,7 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-master /usr/lib/postfix/{bin/,sbin/,}master {
profile postfix-master /usr/lib{,exec}/postfix/{bin/,sbin/,}master {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
@ -37,25 +37,28 @@ profile postfix-master /usr/lib/postfix/{bin/,sbin/,}master {
/{var/spool/postfix/,}private/tlsmgr rwl,
/{var/spool/postfix/,}public/{cleanup,flush,pickup,postlog,qmgr,showq,tlsmgr} rwl,
/usr/lib/postfix/{bin/,sbin/,}anvil Px,
/usr/lib/postfix/{bin/,sbin/,}bounce Px,
/usr/lib/postfix/{bin/,sbin/,}cleanup Px,
/usr/lib/postfix/{bin/,sbin/,}error Px,
/usr/lib/postfix/{bin/,sbin/,}flush Px,
/usr/lib/postfix/{bin/,sbin/,}local Px,
/usr/lib/postfix/{bin/,sbin/,}lmtp mrPx,
/usr/lib/postfix/{bin/,sbin/,}master mrix,
/usr/lib/postfix/{bin/,sbin/,}nqmgr Px,
/usr/lib/postfix/{bin/,sbin/,}proxymap Px,
/usr/lib/postfix/{bin/,sbin/,}pickup Px,
/usr/lib/postfix/{bin/,sbin/,}pipe Px,
/usr/lib/postfix/{bin/,sbin/,}qmgr Px,
/usr/lib/postfix/{bin/,sbin/,}scache Px,
/usr/lib/postfix/{bin/,sbin/,}showq Px,
/usr/lib/postfix/{bin/,sbin/,}smtp Px,
/usr/lib/postfix/{bin/,sbin/,}smtpd Px,
/usr/lib/postfix/{bin/,sbin/,}tlsmgr Px,
/usr/lib/postfix/{bin/,sbin/,}trivial-rewrite Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}anvil Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}bounce Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}cleanup Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}error Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}flush Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}local Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}lmtp mrPx,
/usr/lib{,exec}/postfix/{bin/,sbin/,}master mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}nqmgr Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}proxymap Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}pickup Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}pipe Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}postfix-tlsproxy Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}postscreen Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}qmgr Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}scache Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}showq Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}smtp Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}smtpd Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}spawn Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}tlsmgr Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}trivial-rewrite Px,
owner /var/lib/postfix/master.lock rwk,

4
profiles/apparmor/profiles/extras/postfix-nqmgr
View file

@ -13,12 +13,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-nqmgr /usr/lib/postfix/{bin/,sbin/,}nqmgr {
profile postfix-nqmgr /usr/lib{,exec}/postfix/{bin/,sbin/,}nqmgr {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}nqmgr mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}nqmgr mrix,
/{var/spool/postfix/,}active/ r,
/{var/spool/postfix/,}active/[0-9A-F]/ r,

4
profiles/apparmor/profiles/extras/postfix-oqmgr
View file

@ -14,12 +14,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-oqmgr /usr/lib/postfix/{bin/,sbin/,}oqmgr {
profile postfix-oqmgr /usr/lib{,exec}/postfix/{bin/,sbin/,}oqmgr {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}oqmgr mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}oqmgr mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-oqmgr>

4
profiles/apparmor/profiles/extras/postfix-pickup
View file

@ -13,12 +13,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-pickup /usr/lib/postfix/{bin/,sbin/,}pickup {
profile postfix-pickup /usr/lib{,exec}/postfix/{bin/,sbin/,}pickup {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}pickup mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}pickup mrix,
/{var/spool/postfix/,}public/cleanup rw,
/{var/spool/postfix/,}public/pickup r,

4
profiles/apparmor/profiles/extras/postfix-pipe
View file

@ -14,12 +14,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-pipe /usr/lib/postfix/{bin/,sbin/,}pipe {
profile postfix-pipe /usr/lib{,exec}/postfix/{bin/,sbin/,}pipe {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}pipe mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}pipe mrix,
/var/spool/postfix/active/* rwk,
/var/spool/postfix/private/bounce w,

7
profiles/apparmor/profiles/extras/postfix-postscreen
View file

@ -12,10 +12,13 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-postscreen /usr/lib/postfix/{bin/,sbin/,}postscreen {
profile postfix-postscreen /usr/lib{,exec}/postfix/{bin/,sbin/,}postscreen {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}postscreen mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}postscreen mrix,
owner /var/lib/postfix/{,__db.}postscreen_cache.db rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-postscreen>

6
profiles/apparmor/profiles/extras/postfix-proxymap
View file

@ -14,14 +14,14 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-proxymap /usr/lib/postfix/{bin/,sbin/,}proxymap {
profile postfix-proxymap /usr/lib{,exec}/postfix/{bin/,sbin/,}proxymap {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/etc/my.cnf r,
/usr/lib/postfix/{bin/,sbin/,}proxymap mrix,
/{var/spool/postfix/,}private/proxymap rw,
/usr/lib{,exec}/postfix/{bin/,sbin/,}proxymap mrix,
/{var/spool/postfix/,}private/proxymap rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-proxymap>

4
profiles/apparmor/profiles/extras/postfix-qmgr
View file

@ -13,12 +13,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-qmgr /usr/lib/postfix/{bin/,sbin/,}qmgr {
profile postfix-qmgr /usr/lib{,exec}/postfix/{bin/,sbin/,}qmgr {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}qmgr mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}qmgr mrix,
/{var/spool/postfix/,}active/ r,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,

4
profiles/apparmor/profiles/extras/postfix-qmqpd
View file

@ -13,12 +13,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-qmqpd /usr/lib/postfix/{bin/,sbin/,}qmqpd {
profile postfix-qmqpd /usr/lib{,exec}/postfix/{bin/,sbin/,}qmqpd {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}qmqpd mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}qmqpd mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-qmqpd>

4
profiles/apparmor/profiles/extras/postfix-scache
View file

@ -15,12 +15,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-scache /usr/lib/postfix/{bin/,sbin/,}scache {
profile postfix-scache /usr/lib{,exec}/postfix/{bin/,sbin/,}scache {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}scache mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}scache mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-scache>

4
profiles/apparmor/profiles/extras/postfix-showq
View file

@ -14,12 +14,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq {
profile postfix-showq /usr/lib{,exec}/postfix/{bin/,sbin/,}showq {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}showq mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}showq mrix,
/{var/spool/postfix/,}active/ r,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* r,

4
profiles/apparmor/profiles/extras/postfix-smtp
View file

@ -14,7 +14,7 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
profile postfix-smtp /usr/lib{,exec}/postfix/{bin/,sbin/,}smtp {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
@ -23,7 +23,7 @@ profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
capability dac_read_search,
capability net_bind_service,
/usr/lib/postfix/{bin/,sbin/,}smtp mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}smtp mrix,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,

5
profiles/apparmor/profiles/extras/postfix-smtpd
View file

@ -14,7 +14,7 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
profile postfix-smtpd /usr/lib{,exec}/postfix/{bin/,sbin/,}smtpd {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
@ -24,7 +24,7 @@ profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
capability dac_override,
capability dac_read_search,
/usr/lib/postfix/{bin/,sbin/,}smtpd mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}smtpd mrix,
/usr/sbin/postdrop rPx,
/dev/urandom r,
@ -44,6 +44,7 @@ profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
/{var/spool/postfix/,}incoming/* rw,
/{var/spool/postfix/,}pid/inet.* rwk,
/{var/spool/postfix/,}pid/pass.smtpd rwk,
/{var/spool/postfix/,}private/anvil rw,
/{var/spool/postfix/,}private/proxymap rw,
/{var/spool/postfix/,}private/rewrite rw,

4
profiles/apparmor/profiles/extras/postfix-spawn
View file

@ -13,12 +13,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-spawn /usr/lib/postfix/{bin/,sbin/,}spawn {
profile postfix-spawn /usr/lib{,exec}/postfix/{bin/,sbin/,}spawn {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}spawn mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}spawn mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-spawn>

4
profiles/apparmor/profiles/extras/postfix-tlsmgr
View file

@ -14,12 +14,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-tlsmgr /usr/lib/postfix/{bin/,sbin/,}tlsmgr {
profile postfix-tlsmgr /usr/lib{,exec}/postfix/{bin/,sbin/,}tlsmgr {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}tlsmgr mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}tlsmgr mrix,
/var/spool/postfix/dev/urandom r,
/{etc,var/lib}/postfix/prng_exch rwk,

27
profiles/apparmor/profiles/extras/postfix-tlsproxy Normal file
View file

@ -0,0 +1,27 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2024 pyllyukko
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
abi <abi/4.0>,
include <tunables/global>
profile postfix-tlsproxy /usr/lib{,exec}/postfix/{bin/,sbin/,}tlsproxy {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
include <abstractions/ssl_keys>
capability dac_read_search,
/usr/lib{,exec}/postfix/{bin/,sbin/,}tlsproxy mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-tlsproxy>
}

4
profiles/apparmor/profiles/extras/postfix-trivial-rewrite
View file

@ -14,14 +14,14 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-trivial-rewrite /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite {
profile postfix-trivial-rewrite /usr/lib{,exec}/postfix/{bin/,sbin/,}trivial-rewrite {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
capability dac_read_search,
/usr/lib/postfix/{bin/,sbin/,}trivial-rewrite mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}trivial-rewrite mrix,
/etc/{m,fs}tab r,
/var/spool/postfix/pid/unix.rewrite rw,

4
profiles/apparmor/profiles/extras/postfix-verify
View file

@ -13,12 +13,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-verify /usr/lib/postfix/{bin/,sbin/,}verify {
profile postfix-verify /usr/lib{,exec}/postfix/{bin/,sbin/,}verify {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}verify mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}verify mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-verify>

4
profiles/apparmor/profiles/extras/postfix-virtual
View file

@ -13,12 +13,12 @@ abi <abi/4.0>,
include <tunables/global>
profile postfix-virtual /usr/lib/postfix/{bin/,sbin/,}virtual {
profile postfix-virtual /usr/lib{,exec}/postfix/{bin/,sbin/,}virtual {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}virtual mrix,
/usr/lib{,exec}/postfix/{bin/,sbin/,}virtual mrix,
/var/spool/postfix/active/* rw,
/var/spool/postfix/pid/unix.virtual rw,

2
profiles/apparmor/profiles/extras/usr.sbin.postqueue
View file

@ -24,7 +24,7 @@ include <tunables/global>
/etc/postfix r,
/usr/sbin/postqueue rmix,
/usr/lib/postfix/{bin/,sbin/,}showq Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}showq Px,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/var/spool/postfix r,
/var/spool/postfix/maildrop r,

6
profiles/apparmor/profiles/extras/usr.sbin.sendmail
View file

@ -46,10 +46,10 @@ include <tunables/global>
/root/dead.letter w,
/root/.forward rw,
/usr/kerberos/lib/lib*.so* mr,
/usr/lib/postfix/{bin/,sbin/,}master Px,
/usr/lib/postfix/{bin/,sbin/,}smtpd Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}master Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}smtpd Px,
/usr/lib/postfix r,
/usr/lib/postfix/{bin/,sbin/,}showq Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}showq Px,
/usr/lib/sasl2 r,
/usr/lib/sasl2/* mr,
/usr/lib/sasl r,

4
profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
View file

@ -28,8 +28,8 @@ include <tunables/global>
/etc/postfix/postfix-script Px,
@{PROC}/net/if_inet6 r,
/usr/lib/postfix r,
/usr/lib/postfix/{bin/,sbin/,}master Px,
/usr/lib/postfix/{bin/,sbin/,}showq Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}master Px,
/usr/lib{,exec}/postfix/{bin/,sbin/,}showq Px,
/usr/sbin/postalias Px,
/usr/sbin/postdrop Px,
/usr/sbin/postqueue Px,