23.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with Postfix. Different types allow you to configure flexible access:
postfix_etc_t
- This type is used for configuration files for Postfix in the /etc/postfix/ directory.
postfix_data_t
- This type is used for Postfix data files in the /var/lib/postfix/ directory.
postfix_var_run_t
- This type is used for Postfix files stored in the /run/ directory.
postfix_initrc_exec_t
- The Postfix executable files are labeled with the postfix_initrc_exec_t type. When executed, they transition to the postfix_initrc_t domain.
postfix_spool_t
- This type is used for Postfix files stored in the /var/spool/ directory.
Note
To see the full list of files and their types for Postfix, enter the following command:
~]$ grep postfix /etc/selinux/targeted/contexts/files/file_contexts
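The grep output above is in file_contexts format: a path regex, an optional file-type flag, and a user:role:type:level context. The following is an added example, not part of the original guide, that reduces such lines to a sorted "type, path pattern" listing for Postfix types; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Print "type<TAB>path-pattern" for every Postfix type found in
# file_contexts-format input on stdin.
# Entry layout: <path regex> [<file-type flag, e.g. -- or -d>] <user:role:type:level>
# A context of <<none>> means "do not label" and carries no type, so it is skipped.
postfix_types() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            ctx = $NF                      # the context is always the last field
            if (ctx == "<<none>>") next
            n = split(ctx, part, ":")      # user:role:type:level[:categories]
            if (n < 3) next                # malformed context, ignore
            if (part[3] ~ /^postfix_/) printf "%s\t%s\n", part[3], $1
        }
    ' | sort
}

# Distinct Postfix type names in the input.
postfix_type_names() {
    postfix_types | cut -f1 | sort -u
}

# Constructed sample in file_contexts format (not copied from a real policy).
sample_contexts() {
    cat <<'EOF'
# constructed sample
/etc/postfix(/.*)?	system_u:object_r:postfix_etc_t:s0
/var/lib/postfix.*	system_u:object_r:postfix_data_t:s0
/var/spool/postfix(/.*)?	system_u:object_r:postfix_spool_t:s0
/etc/rc\.d/init\.d/postfix	--	system_u:object_r:postfix_initrc_exec_t:s0
/var/spool/postfix/dev	-d	<<none>>
/etc/aliases	--	system_u:object_r:etc_aliases_t:s0
EOF
}

sample_contexts | postfix_types
```

On an SELinux-enabled host, pipe the grep command from the note into `postfix_types` in place of the sample to see which path patterns the installed policy maps to each type.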