Bug 2130329

Summary: [RFE] postfix: convert postfix role to use firewall and selinux role
Product: Red Hat Enterprise Linux 9 Reporter: Noriko Hosoi <nhosoi>
Component: rhel-system-rolesAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Evgeny Fedin <efedin>
Severity: unspecified Docs Contact: Gabi Fialová <gfialova>
Priority: unspecified    
Version: 9.2CC: djez, efedin, pasik, rmeggins, spetrosi
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: 9.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: role:postfix
Fixed In Version: rhel-system-roles-1.21.0-0.5.el9 Doc Type: Enhancement
Doc Text:
.The `postfix` RHEL System Role can now use the `firewall` and `selinux` RHEL System Roles to manage port access With this enhancement, you can automate managing port access by using the new role variables `postfix_manage_firewall` and `postfix_manage_selinux`: * If they are set to `true`, each role is used to manage the port access. * If they are set to `false`, which is default, the roles do not engage.
 Story Points: ---
Clone Of:
: 2130332 (view as bug list) Environment:
Last Closed: 2023-05-09 07:37:53 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2130332    

Description Noriko Hosoi 2022-09-27 19:53:07 UTC 
Description of problem:

The postfix role can use the firewall role and the selinux role to manage port access.

### postfix_manage_firewall

Boolean flag allowing to configure firewall using the firewall role.
Manage the smtp related ports, 25/tcp, 465/tcp, and 587/tcp.
If the variable is set to `false`, the `postfix role` does not manage the
firewall.
Default to `false`.

NOTE: `postfix_manage_firewall` is limited to *adding* ports.
It cannot be used for *removing* ports.
If you want to remove ports, you will need to use the firewall system
role directly.

NOTE: the firewall management is not supported on RHEL 6.

### postfix_manage_selinux

Boolean flag allowing to configure selinux using the selinux role.
Assign `smtp_port_t` to the smtp related ports.
If the variable is set to false, the `postfix role` does not manage the
selinux

NOTE: `postfix_manage_selinux` is limited to *adding* policy.
It cannot be used for *removing* policy.
If you want to remove policy, you will need to use the selinux system
role directly.
Comment 12 errata-xmlrpc 2023-05-09 07:37:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:2246