mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 17:31:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/extras/usr.lib.postfix.smtpd

64 lines
2.3 KiB
Text
Raw Blame History

# $Id$
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
/usr/lib/postfix/smtpd {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/kerberosclient>
#include <program-chunks/postfix-common>
capability dac_override,
capability dac_read_search,
capability setgid,
capability setuid,
/usr/lib/postfix/smtpd rix,
/usr/sbin/postdrop rpx,
/dev/urandom r,
/etc/aliases.db r,
# mailman on SuSE is configured to have its own alias db
/var/lib/mailman/data/aliases.db r,
/etc/mtab r,
/etc/fstab r,
/etc/postfix/*.db r,
/etc/postfix/{ssl/,}*.pem r,
/etc/postfix/smtpd_scache.dir r,
/etc/postfix/smtpd_scache.pag rw,
/etc/postfix/main.cf r,
/etc/postfix/prng_exch rw,
/usr/lib64/sasl2 r,
/usr/lib64/sasl2/* r,
/usr/lib/sasl2 r,
/usr/lib/sasl2/* r,
/usr/share/ssl/certs/ca-bundle.crt r,
/usr/share/ssl/openssl.cnf r,
/{var/spool/postfix,}/pid/inet.smtp rw,
/{var/spool/postfix,}/pid/inet.smtps rw,
/{var/spool/postfix,}/private/anvil w,
/{var/spool/postfix,}/private/proxymap w,
/{var/spool/postfix,}/private/rewrite w,
/{var/spool/postfix,}/private/tlsmgr w,
/{var/spool/postfix,}/public/cleanup w,
/var/run/sasl2/mux w,
/proc/net/if_inet6 r,
/proc/cpuinfo r,
/proc/stat r,
/proc/sys/kernel/ngroups_max r,
}
Reference in a new issue View git blame Copy permalink