From 451140e4c1f0bb6d8df25d18d74e549a83f46e4a Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Tue, 9 Aug 2022 16:56:21 +0200
Subject: [PATCH] Allow postfix/smtp and postfix/virtual read kerberos key
 table

This permission is required when postfix is configured to use virtual
mailboxes and store data into postgresql database.

Resolves: rhbz#1983308
---
 policy/modules/contrib/postfix.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 5451023d79..c236828d0e 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -699,6 +699,10 @@ optional_policy(`
 	dspam_stream_connect(postfix_smtp_t)
 ')
 
+optional_policy(`
+	kerberos_read_keytab(postfix_smtp_t)
+')
+
 optional_policy(`
 	milter_stream_connect_all(postfix_smtp_t)
 ')
@@ -776,6 +780,10 @@ userdom_manage_user_home_dirs(postfix_virtual_t)
 userdom_manage_user_home_content(postfix_virtual_t)
 userdom_filetrans_home_content(postfix_virtual_t)
 
+optional_policy(`
+	kerberos_read_keytab(postfix_virtual_t)
+')
+
 ########################################
 #
 # postfix_domain common policy