# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>

# AppArmor profile for the Postfix smtpd binary, attached to either
# /usr/lib/postfix/bin/smtpd or /usr/lib/postfix/sbin/smtpd.
#
# Permission letters used below: r = read, w = write, m = map as executable,
# l = link, k = lock, Px = execute under the target's own profile with
# environment scrubbing. Rules are additive: a path matched by several rules
# gets the union of their permissions. The "owner" qualifier limits a rule to
# files owned by the user the process is running as.
profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/}smtpd {
  # Shared rule sets. Their contents are not visible in this file, so the
  # effective policy is wider than the rules listed below; review them together.
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/postfix-common>
  #include <abstractions/ssl_keys>

  # dac_read_search bypasses ordinary file-read and directory-search permission
  # checks; the path rules in this profile still apply on top of it.
  # setgid/setuid allow changing group/user identity.
  # NOTE(review): presumably used to drop privileges after startup - confirm
  # all three are still required before keeping them.
  capability dac_read_search,
  capability setgid,
  capability setuid,

  # The confined binary itself: mapped and read, no separate exec rule needed.
  /usr/lib/postfix/{bin/,sbin/}smtpd                     mr,

  # postdrop runs under its own profile (Px), not this one, with the
  # environment scrubbed. The exec is denied if no profile for it is loaded.
  /usr/sbin/postdrop                                     Px,

  # Configuration, lookup tables and TLS material.
  # Lookup tables (*.lmdb) are granted read/link/lock but not write.
  # The *.pem globs match every .pem file directly in /etc/postfix and
  # /etc/postfix/ssl, which includes private keys if they are stored there.
  # NOTE(review): smtpd_scache.dir is read-only while smtpd_scache.pag is
  # read-write - confirm the asymmetry is intended.
  /dev/urandom                                           r,
  /etc/{,postfix/}aliases.lmdb                           rlk,
  /etc/mtab                                              r,
  /etc/fstab                                             r,
  /etc/postfix/*.lmdb                                    rlk,
  /etc/postfix/{ssl/,}*.pem                              r,
  /etc/postfix/smtpd_scache.dir                          r,
  /etc/postfix/smtpd_scache.pag                          rw,
  /etc/postfix/main.cf                                   r,
  /etc/postfix/prng_exch                                 rw,

  # SASL plugin directories (64-bit and generic lib paths). The m permission
  # lets files here be mapped as executable code inside smtpd, so write access
  # to these directories is equivalent to code execution in this process.
  /usr/lib64/sasl2/                                      mr,
  /usr/lib64/sasl2/*                                     mr,
  /usr/lib/sasl2/                                        mr,
  /usr/lib/sasl2/*                                       mr,

  # Entries under the Postfix spool, limited to files owned by the running
  # user. The private/ and public/ paths are write-only.
  # presumably these are the endpoints of the like-named Postfix services - verify
  owner /var/spool/postfix/pid/inet.*                    rwk,
  owner /var/spool/postfix/private/anvil                 w,
  owner /var/spool/postfix/private/proxymap              w,
  owner /var/spool/postfix/private/rewrite               w,
  owner /var/spool/postfix/private/tlsmgr                w,
  owner /var/spool/postfix/public/cleanup                w,

  # No owner qualifier here: write and lock on pid/inet.* are allowed whatever
  # the file's owner, so the owner rule above effectively only restricts read.
  /var/spool/postfix/pid/inet.*                          wk,
  /var/spool/postfix/pid/pass.smtpd                      rwk,

  # Write-only access to the sasl2 mux path under /run or /var/run.
  # presumably the saslauthd socket - verify against the local SASL setup
  /{,var/}run/sasl2/mux                                  w,

  # @{PROC} is a variable, not defined in this file.
  # presumably supplied by the tunables/global include at the top - confirm
  @{PROC}/net/if_inet6                                   r,

  # Site-specific additions and overrides. See local/README for details.
  # Rules added there are merged into this profile, so they belong in any
  # review of what smtpd is allowed to do.
  #include <local/postfix-smtpd>
}
