From c7890cddaf20f6a4a263aa127891dde0b407b43e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Nov 13 2007 21:43:23 +0000 Subject: - Allow dovecot to communicate with postfix_private sockets --- diff --git a/policy-20070501.patch b/policy-20070501.patch index 6d6ff60..fd10ad8 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -5598,7 +5598,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.6.4/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-11-06 11:00:24.000000000 -0500 ++++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-11-13 16:42:56.000000000 -0500 @@ -15,6 +15,12 @@ domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t) role system_r types dovecot_auth_t; @@ -5737,7 +5737,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove +') + +optional_policy(` -+ postfix_create_pivate_sockets(dovecot_auth_t) ++ postfix_manage_pivate_sockets(dovecot_auth_t) + postfix_search_spool(dovecot_auth_t) +') + @@ -5782,7 +5782,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim --- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.6.4/policy/modules/services/exim.fc 2007-10-05 09:28:27.000000000 -0400 @@ -0,0 +1,16 @@ -+# $Id: policy-20070501.patch,v 1.75 2007/11/12 23:04:14 dwalsh Exp $ ++# $Id: policy-20070501.patch,v 1.76 2007/11/13 21:43:23 dwalsh Exp $ +# Draft SELinux refpolicy module for the Exim MTA +# +# Devin Carraway 
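Review bot: In the dovecot.te hunk (@@ -5737), replacing `postfix_create_pivate_sockets(dovecot_auth_t)` with `postfix_manage_pivate_sockets(dovecot_auth_t)` widens dovecot_auth_t from creating a socket to managing every sock_file labelled postfix_private_t, because the interface added in the postfix.if hunk (@@ -8199) expands to `manage_sock_files_pattern($1,postfix_private_t,postfix_private_t)`. If Postfix's own private service sockets carry that same type (not visible here), the authentication daemon could also unlink or rename them, which is more than the "communicate" in the commit message suggests. A narrower grant would keep the create interface and add only the permission the denial actually reported, or give the socket dovecot-auth creates its own type through a type transition so that the manage rights stop at that type. If manage is kept, the call should say why, for example `# manage, not create: dovecot-auth also has to remove its stale socket (confirm against the AVC)`; the optional_policy block it sits in starts above the hunk.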
@@ -5963,7 +5963,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim --- nsaserefpolicy/policy/modules/services/exim.te 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.6.4/policy/modules/services/exim.te 2007-10-30 16:46:45.000000000 -0400 @@ -0,0 +1,231 @@ -+# $Id: policy-20070501.patch,v 1.75 2007/11/12 23:04:14 dwalsh Exp $ ++# $Id: policy-20070501.patch,v 1.76 2007/11/13 21:43:23 dwalsh Exp $ +# Draft SELinux refpolicy module for the Exim MTA +# +# Devin Carraway @@ -8069,7 +8069,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post /usr/libexec/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-2.6.4/policy/modules/services/postfix.if --- nsaserefpolicy/policy/modules/services/postfix.if 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/postfix.if 2007-09-26 11:18:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/postfix.if 2007-11-13 16:42:47.000000000 -0500 @@ -41,6 +41,7 @@ allow postfix_$1_t self:unix_stream_socket connectto; @@ -8176,7 +8176,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ## Execute postfix user mail programs ## in their respective domains. ## -@@ -455,3 +509,22 @@ +@@ -455,3 +509,42 @@ typeattribute $1 postfix_user_domtrans; ') 
@@ -8199,6 +8199,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post + allow $1 postfix_private_t:dir list_dir_perms; + create_sock_files_pattern($1,postfix_private_t,postfix_private_t) +') ++ ++######################################## ++## ++## Manage named socket in a postfix private directory. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`postfix_manage_pivate_sockets',` ++ gen_require(` ++ type postfix_private_t; ++ ') ++ ++ allow $1 postfix_private_t:dir list_dir_perms; ++ manage_sock_files_pattern($1,postfix_private_t,postfix_private_t) ++') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.6.4/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2007-05-07 14:51:01.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-10-12 09:13:26.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index 22dab8b..cdcf06c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 56%{?dist} +Release: 57%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -363,6 +363,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Tue Nov 13 2007 Dan Walsh 2.6.4-57 +- Allow dovecot to communicate with postfix_private sockets + * Tue Nov 6 2007 Dan Walsh 2.6.4-56 - Allow saslauthd to use nis_authentication
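Review bot: The interface added in the postfix.if hunk (@@ -8199) copies the `pivate` misspelling from `postfix_create_pivate_sockets` into a second public name, and every module that calls it makes the typo harder to correct later. I would name it `postfix_manage_private_sockets` and update the caller in the dovecot.te hunk (@@ -5737) to match. The summary "Manage named socket in a postfix private directory" also hides how much wider this is than the create interface directly above it; something like `## Create, read, write, rename and delete named sockets labelled postfix_private_t.` would let callers see what they are granting. The explicit `allow $1 postfix_private_t:dir list_dir_perms;` looks redundant next to the directory permissions that `manage_sock_files_pattern` already grants, though that depends on the macro definition, which is not shown here.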