AppArmor profile exchange

# $Id: usr.lib.postfix.smtp 741 2007-06-11 22:55:56Z seth_arnold $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>
/usr/lib/postfix/smtp {
  #include <abstractions/base>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <program-chunks/postfix-common>

  capability dac_override,
  capability dac_read_search,
  capability net_bind_service,

  /etc/mailname r,
  /etc/mtab r,
  /etc/postfix/prng_exch rw,
  /etc/postfix/sasl_passwd.db r,
  /etc/postfix/virtual.db r,
  /etc/postfix/{ssl/,}*.pem r,
  /usr/lib/postfix/smtp rmix,
  /usr/share/ssl/certs/ca-bundle.crt r,
  /usr/share/ssl/openssl.cnf r,
  /var/spool/postfix/active/* krw,
  /var/spool/postfix/etc/localtime r,
  /var/spool/postfix/etc/resolv.conf r,
  /var/spool/postfix/etc/services r,
  /var/spool/postfix/pid/unix.amavisfeed krw,
  /{var/spool/postfix/,}active/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
  /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
  /{var/spool/postfix/,}pid/unix.relay krw,
  /{var/spool/postfix/,}pid/unix.smtp krw,
  /{var/spool/postfix/,}private/anvil w,
  /{var/spool/postfix/,}private/bounce w,
  /{var/spool/postfix/,}private/defer w,
  /{var/spool/postfix/,}private/rewrite w,
  /{var/spool/postfix/,}private/scache w,
  /{var/spool/postfix/,}private/tlsmgr w,
  /{var/spool/postfix/,}private/trace w,
  /{var/spool/postfix/,}public/flush w,
}