apparmor/profiles/apparmor.d/abstractions/postfix-common

# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#    Copyright (C) 2015-2018 Canonical, Ltd.
#    Copyright (C) 2020-2021 Christian Boltz
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# used with postfix/*

  abi <abi/4.0>,


  capability            setuid,
  capability            setgid,
  capability            sys_chroot,

  # postfix's master can send us signals
  signal receive peer=postfix-master,

  unix (send, receive) peer=(label=postfix-master),

  /etc/mailname         r,
  /etc/postfix/*.cf     r,
  /etc/postfix/*.db     rk,
  /etc/postfix/*.lmdb   rk,
  @{PROC}/net/if_inet6  r,
  /usr/lib/postfix/*.so mr,
  /usr/lib{,32,64}/sasl2/*    mr,
  /usr/lib{,32,64}/sasl2/     r,
  /usr/lib/@{multiarch}/sasl2/*      mr,
  /usr/lib/@{multiarch}/sasl2/       r,
  /usr/share/icu/[0-9]*.[0-9]*/*.dat r,

  /var/spool/postfix/etc/*        r,
  /var/spool/postfix/lib/lib*.so* mr,
  /var/spool/postfix/lib/@{multiarch}/lib*.so* mr,

  /etc/postfix/dynamicmaps.cf.d/  r,

  # Include additions to the abstraction
  include if exists <abstractions/postfix-common.d>