WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Zabbix/Postfix: Even more denials, sigh

Browse Source 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
This commit is contained in:
Greg Sutcliffe
2025-09-26 12:07:55 +01:00
parent 4a97d2cbda
commit a7a2232e7b
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
roles/base/files/postfix/zabbix-selinux.te
View File

@@ -1,14 +1,19 @@
module zabbix_sendmail 1.6;
module zabbix_sendmail 1.7;
require {
type sendmail_exec_t;
type zabbix_agent_t;
type bin_t;
type etc_t;
type kernel_t;
type postfix_etc_t;
type postfix_postqueue_exec_t;
type postfix_public_t;
class file { read open execute execute_no_trans };
class lnk_file { read getattr };
class sock_file write;
class unix_stream_socket connectto;
class unix_dgram_socket create;
}
#============= zabbix_agent_t ==============
@@ -25,3 +30,8 @@ allow zabbix_agent_t etc_t:lnk_file read;
# Allow it to read main.cf
allow zabbix_agent_t postfix_etc_t:file { read open };
# Allow it actually read the mail queue
allow zabbix_agent_t kernel_t:unix_stream_socket connectto;
allow zabbix_agent_t postfix_public_t:sock_file write;
allow zabbix_agent_t self:unix_dgram_socket create;