# $Id: postfix-smtpd 5268 2005-09-08 22:44:11Z sarnold $
# ----------------------------------------------------------------------
#    PROPRIETARY DATA of NOVELL INC.
#    Copyright (c) 2004-2005, NOVELL (All rights reserved)
#
#    This document contains trade secret data which is the property
#    of NOVELL Inc.  This document is submitted to recipient in
#    confidence. Information contained herein may not be used, copied
#    or disclosed in whole or in part except as permitted by written
#    agreement signed by an officer of NOVELL, Inc.
# ----------------------------------------------------------------------
# used with postfix/smptd
  capability dac_override,
  capability dac_read_search,
  capability setgid,
  capability setuid,
  /public/cleanup                             w,
  /private/rewrite                            w,
  /dev/urandom                                r,
  /etc/aliases.db                             r,
  # mailman on SuSE is configured to have its own alias db
  /var/lib/mailman/data/aliases.db            r,
  /etc/mtab                                   r,
  /etc/fstab                                  r,
  /etc/postfix/*.db                           r,
  /etc/postfix/{ssl/,}*.pem                   r,
  /etc/postfix/smtpd_scache.dir               r,
  /etc/postfix/smtpd_scache.pag               rw,
  /etc/postfix/main.cf                        r,
  /etc/postfix/prng_exch                      rw,

  /usr/lib64/sasl2                            r,
  /usr/lib64/sasl2/*                          r,
  /usr/lib/sasl2                              r,
  /usr/lib/sasl2/*                            r,

  /usr/share/ssl/certs/ca-bundle.crt          r,
  /usr/share/ssl/openssl.cnf                  r,
  /var/spool/postfix/pid/inet.smtp            rw,
  /var/spool/postfix/pid/inet.smtps           rw,
  /var/spool/postfix/private/proxymap         w,
  /var/spool/postfix/private/rewrite          w,
  /var/spool/postfix/public/cleanup           w,
  /proc/net/if_inet6                          r,
  /proc/cpuinfo                               r,
  /proc/stat                                  r,
  /proc/sys/kernel/ngroups_max                r,

