Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

YDA-5994: modify Postfix role to allow queue cmd #503

Merged
merged 1 commit into from
Dec 10, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions roles/postfix/handlers/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,12 @@
when: not ansible_check_mode


- name: Reload Apparmor
ansible.builtin.service:
name: apparmor
state: reloaded


- name: Systemd daemon reload
ansible.builtin.systemd:
daemon_reload: true
Expand Down
2 changes: 2 additions & 0 deletions roles/postfix/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,7 @@
- usr.sbin.postalias
- usr.sbin.sendmail.postfix
register: postfix_apparmor_default
notify: Reload Apparmor
when: not ansible_check_mode and ansible_os_family == "Debian"


Expand All @@ -202,6 +203,7 @@
- src: 'usr.sbin.sendmail.j2'
dest: 'usr.sbin.sendmail'
register: postfix_apparmor_custom
notify: Reload Apparmor
when: ansible_os_family == "Debian"


Expand Down
4 changes: 3 additions & 1 deletion roles/postfix/templates/usr.sbin.postfix.j2
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# {{ ansible_managed }}
# Last Modified: Tue Oct 22 15:17:36 2024
# Last Modified: Mon Dec 9 14:18:33 2024
#include <tunables/global>

# vim:syntax=apparmor
Expand All @@ -24,6 +24,7 @@
signal send set=term peer=/usr/sbin/postfix//null-/usr/lib/postfix/sbin/pickup,
signal send set=term peer=/usr/sbin/postfix//null-/usr/lib/postfix/sbin/qmgr,
signal send set=term peer=/usr/sbin/postfix//null-/usr/lib/postfix/sbin/scache,
signal send set=term peer=/usr/sbin/postfix//null-/usr/lib/postfix/sbin/showq,
signal send set=term peer=/usr/sbin/postfix//null-/usr/lib/postfix/sbin/smtp,
signal send set=term peer=/usr/sbin/postfix//null-/usr/lib/postfix/sbin/tlsmgr,
signal send set=term peer=/usr/sbin/postfix//null-/usr/lib/postfix/sbin/trivial-rewrite,
Expand Down Expand Up @@ -69,6 +70,7 @@
owner /etc/postfix/postfix-files.d/ r,
owner /etc/postfix/sasl/ r,
owner /usr/sbin/sendmail r,
owner /var/lib/postfix/__db.smtp_scache.db rw,
owner /var/lib/postfix/master.lock rwk,
owner /var/lib/postfix/prng_exch k,
owner /var/lib/postfix/prng_exch rw,
Expand Down
6 changes: 3 additions & 3 deletions roles/postfix/templates/usr.sbin.postqueue.j2
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# {{ ansible_managed }}
# Last Modified: Tue Oct 22 13:36:14 2024
# Last Modified: Mon Dec 9 14:13:02 2024
#include <tunables/global>

# ------------------------------------------------------------------
Expand Down Expand Up @@ -31,8 +31,8 @@
/var/spool/postfix/maildrop r,
/var/spool/postfix/maildrop/* rwl,
/var/spool/postfix/pid r,
/var/spool/postfix/public/pickup w,
/var/spool/postfix/public/qmgr w,
/var/spool/postfix/public/pickup rw,
/var/spool/postfix/public/qmgr rw,
/var/spool/postfix/public/showq rw,

}
Loading