File: //proc/self/root/proc/thread-self/root/usr/share/apparmor/extra-profiles/postfix-smtpd
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
# Copyright (C) 2018 Canonical, Ltd.
# Copyright (C) 2019-2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
abi <abi/3.0>,
include <tunables/global>
profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
include <abstractions/openssl>
include <abstractions/ssl_certs>
include <abstractions/ssl_keys>
capability dac_override,
capability dac_read_search,
/usr/lib/postfix/{bin/,sbin/,}smtpd mrix,
/usr/sbin/postdrop rPx,
/dev/urandom r,
/etc/aliases.{lm,}db rk,
# mailman on SuSE is configured to have its own alias db
/var/lib/mailman/data/aliases.{lm,}db rk,
/etc/mtab r,
/etc/fstab r,
/etc/postfix/*.regexp r,
/etc/postfix/{ssl/,}*.pem r,
/etc/postfix/smtpd_scache.dir r,
/etc/postfix/smtpd_scache.pag rw,
/etc/postfix/main.cf r,
/etc/postfix/prng_exch rw,
/usr/share/ssl/certs/ca-bundle.crt r,
/{var/spool/postfix/,}incoming/* rw,
/{var/spool/postfix/,}pid/inet.* rwk,
/{var/spool/postfix/,}private/anvil rw,
/{var/spool/postfix/,}private/proxymap rw,
/{var/spool/postfix/,}private/rewrite rw,
/{var/spool/postfix/,}private/tlsmgr rw,
/{var/spool/postfix/,}public/cleanup rw,
/{,var/}run/sasl2/mux w,
}