# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim:syntax=apparmor

#include <tunables/global>

profile postfix-tlsproxy /usr/lib/postfix/{bin/,sbin/}tlsproxy {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/ssl_keys>
  #include <abstractions/postfix-common>

  capability dac_read_search,

  /usr/lib/postfix/{bin/,sbin/}tlsproxy                  mr,

  owner /etc/postfix/dh_1024.pem                 r,
  owner /etc/postfix/dh_512.pem                  r,
  /etc/postfix/prng_exch                         rw,

  owner /var/spool/postfix/private/tlsproxy      r,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/postfix-tlsproxy>
}
