From e7a813f9010bd1258fed3966d52f83e418f717df Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Jun 03 2009 14:00:25 +0000 Subject: - Allow sendmail to transition to postfix_postqueue domain --- diff --git a/policy-20080710.patch b/policy-20080710.patch index eaa164d..09d723d 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -23376,7 +23376,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post /var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.5.13/policy/modules/services/postfix.if --- nsaserefpolicy/policy/modules/services/postfix.if 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/postfix.if 2009-03-05 13:42:04.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/postfix.if 2009-06-03 14:57:00.000000000 +0200 @@ -46,6 +46,7 @@ allow postfix_$1_t postfix_etc_t:dir list_dir_perms; @@ -23440,7 +23440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post gen_require(` type postfix_private_t; ') -@@ -432,6 +452,25 @@ +@@ -432,6 +452,44 @@ ######################################## ## 
@@ -23461,12 +23461,31 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post + manage_sock_files_pattern($1, postfix_private_t, postfix_private_t) +') + ++####################################### ++## ++## Execute the postqueue postfix program in the ++## postfix_postqueue domain. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`postfix_domtrans_postqueue',` ++ gen_require(` ++ type postfix_postqueue_t, postfix_postqueue_exec_t; ++ ') ++ ++ domtrans_pattern($1, postfix_postqueue_exec_t, postfix_postqueue_t) ++') ++ +######################################## +## ## Execute the master postfix program in the ## postfix_master domain. ## -@@ -461,10 +500,10 @@ +@@ -461,10 +519,10 @@ # interface(`postfix_search_spool',` gen_require(` @@ -23479,7 +23498,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post files_search_spool($1) ') -@@ -480,15 +519,34 @@ +@@ -480,15 +538,34 @@ # interface(`postfix_list_spool',` gen_require(` @@ -23516,7 +23535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ## Read postfix mail spool files. ## ## -@@ -499,11 +557,30 @@ +@@ -499,11 +576,30 @@ # interface(`postfix_read_spool_files',` gen_require(` @@ -23549,7 +23568,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ') ######################################## -@@ -524,3 +601,23 @@ +@@ -524,3 +620,23 @@ typeattribute $1 postfix_user_domtrans; ') 
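Review bot: The parameter text on the new `postfix_domtrans_postqueue` interface (hunk `@@ -23461,12 +23461,31 @@`) reads `Domain allowed access.`, which understates what is granted. `domtrans_pattern($1, postfix_postqueue_exec_t, postfix_postqueue_t)` lets the caller execute postqueue and enter `postfix_postqueue_t`, so I would word it `## Domain allowed to transition.`. That way an audit of the interface's callers shows at a glance that a domain transition is handed out rather than file access. The sibling domtrans interfaces are only partly visible in this hunk, so if they use the same phrase the wording is best changed for all of them together.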
@@ -27581,7 +27600,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.5.13/policy/modules/services/sendmail.te --- nsaserefpolicy/policy/modules/services/sendmail.te 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/sendmail.te 2009-04-14 12:30:20.000000000 +0200 ++++ serefpolicy-3.5.13/policy/modules/services/sendmail.te 2009-06-03 14:57:34.000000000 +0200 @@ -20,13 +20,17 @@ mta_mailserver_delivery(sendmail_t) mta_mailserver_sender(sendmail_t) @@ -27641,7 +27660,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send auth_use_nsswitch(sendmail_t) -@@ -91,34 +102,63 @@ +@@ -91,34 +102,64 @@ libs_read_lib_files(sendmail_t) logging_send_syslog_msg(sendmail_t) @@ -27697,6 +27716,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send + +optional_policy(` + postfix_domtrans_postdrop(sendmail_t) ++ postfix_domtrans_postqueue(sendmail_t) + postfix_domtrans_master(sendmail_t) postfix_read_config(sendmail_t) postfix_search_spool(sendmail_t) @@ -27708,7 +27728,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send ') optional_policy(` -@@ -126,24 +166,33 @@ +@@ -126,24 +167,33 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 89e5966..e25f84b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.13 -Release: 62%{?dist} +Release: 63%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -462,6 +462,9 @@ exit 0 %endif %changelog +* Wed Jun 3 2009 Miroslav Grepl 3.5.13-63 +- Allow sendmail to transition to postfix_postqueue domain + * Wed Jun 3 2009 Miroslav Grepl 3.5.13-62 - Allow hald to manage fusefs_t directories
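Review bot: Nothing in hunk `@@ -27697,6 +27716,7 @@` records why `sendmail_t` needs `postfix_domtrans_postqueue(sendmail_t)`, and the changelog entry only restates the rule. A one-line comment above the call would let a later least-privilege review decide whether the transition is still required, for example `# presumably postfix's sendmail-compatible command execs postqueue for queue listing/flush; confirm against the AVC denial`. The call sits in an `optional_policy` block that continues past the end of the hunk. What `postfix_postqueue_t` itself is allowed to do is not visible on this page, so the privileges sendmail gains through the transition should be checked against postfix.te before merging.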