From 144066c8f46dd0e76a52e10eb94ff9df73baffd9 Mon Sep 17 00:00:00 2001
From: Greg Sutcliffe <fedora@emeraldreverie.org>
Date: Fri, 26 Sep 2025 12:24:21 +0100
Subject: [PATCH] Zabbix/Postfix: Rules for postqueue using tmpfs

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
---
 roles/base/files/postfix/zabbix-selinux.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/base/files/postfix/zabbix-selinux.te b/roles/base/files/postfix/zabbix-selinux.te
index 47d9986f04..e19a6019fc 100644
--- a/roles/base/files/postfix/zabbix-selinux.te
+++ b/roles/base/files/postfix/zabbix-selinux.te
@@ -1,10 +1,11 @@
-module zabbix_sendmail 1.8;
+module zabbix_sendmail 1.9;
 
 require {
        type sendmail_exec_t;
        type zabbix_agent_t;
        type bin_t;
        type etc_t;
+       type devlog_t;
        type kernel_t;
        type postfix_etc_t;
        type postfix_master_t;
@@ -33,6 +34,7 @@ allow zabbix_agent_t etc_t:lnk_file read;
 allow zabbix_agent_t postfix_etc_t:file { read open };
 
 # Allow it actually read the mail queue
+allow zabbix_agent_t devlog_t:sock_file write;
 allow zabbix_agent_t kernel_t:unix_stream_socket connectto;
 allow zabbix_agent_t postfix_master_t:unix_stream_socket connectto;
 allow zabbix_agent_t postfix_public_t:sock_file write;