double-p
commented
5 years ago When using postifx's "pipe", this one is sufficient:
policy_module(postfix-sympa, 1.0)
require{
type postfix_pipe_t;
type var_spool_t;
class file { write create rename };
class dir { add_name open read write create remove_name };
}
allow postfix_pipe_t var_spool_t:dir { add_name open read write remove_name };
allow postfix_pipe_t var_spool_t:file { create write rename };sendmail might work with 'type sendmail_exec_t' but I've not testing ground for this.
SELinux rules for sympa services and web interface would be bundled in package.