From 4d23beaaa074f998b01507b82d12803702297adf Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Apr 17 2009 14:24:09 +0000 Subject: - Fix postfix master policy --- diff --git a/policy-20071130.patch b/policy-20071130.patch index f9837f5..32d3023 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -658579,7 +658579,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post # Local Policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.3.1/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2008-02-26 14:23:10.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2009-02-12 22:21:57.000000000 +0100 ++++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2009-04-16 12:54:15.000000000 +0200 @@ -6,6 +6,15 @@ # Declarations # @@ -658666,7 +658666,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post allow postfix_master_t postfix_etc_t:file rw_file_perms; -@@ -122,6 +142,10 @@ +@@ -122,9 +142,14 @@ domtrans_pattern(postfix_master_t, postfix_showq_exec_t, postfix_showq_t) @@ -658677,7 +658677,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post # allow access to deferred queue and allow removing bogus incoming entries manage_dirs_pattern(postfix_master_t,postfix_spool_t,postfix_spool_t) manage_files_pattern(postfix_master_t,postfix_spool_t,postfix_spool_t) -@@ -135,6 +159,7 @@ ++files_spool_filetrans(postfix_master_t, postfix_spool_t, dir) + + allow postfix_master_t postfix_spool_bounce_t:dir manage_dir_perms; + allow postfix_master_t postfix_spool_bounce_t:file getattr; +@@ -135,6 +160,7 @@ delete_files_pattern(postfix_master_t,postfix_spool_maildrop_t,postfix_spool_maildrop_t) rename_files_pattern(postfix_master_t,postfix_spool_maildrop_t,postfix_spool_maildrop_t) 
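Review bot: The added `files_spool_filetrans(postfix_master_t, postfix_spool_t, dir)` in the postfix.te section (inner hunk `@@ -122,9 +142,14 @@`) has no comment saying which directory creation it is meant to cover. The nearby comment about the deferred queue describes the `manage_dirs_pattern`/`manage_files_pattern` lines, not a type transition. In reference policy this interface usually also lets the caller add and remove entries in the generic spool directory, so it probably widens postfix_master_t's write access beyond its own queue; the interface definition is not shown here, so that should be confirmed for this policy version. I would put a comment above the line, for example `# label directories postfix_master_t creates in the generic spool dir as postfix_spool_t`, and record the denial being fixed in the changelog entry, which currently says only "Fix postfix-master policy". Restricting the transition to `dir` looks like the narrowest object class that fits and should stay that way unless a file-creation denial is actually observed.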
@@ -658685,7 +658689,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post kernel_read_all_sysctls(postfix_master_t) -@@ -174,6 +199,7 @@ +@@ -174,6 +200,7 @@ mta_rw_aliases(postfix_master_t) mta_read_sendmail_bin(postfix_master_t) @@ -658693,7 +658697,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post optional_policy(` cyrus_stream_connect(postfix_master_t) -@@ -189,6 +215,10 @@ +@@ -189,6 +216,10 @@ ') optional_policy(` @@ -658704,7 +658708,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post sendmail_signal(postfix_master_t) ') -@@ -248,6 +278,10 @@ +@@ -248,6 +279,10 @@ corecmd_exec_bin(postfix_cleanup_t) @@ -658715,7 +658719,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix local local policy -@@ -273,18 +307,25 @@ +@@ -273,18 +308,25 @@ files_read_etc_files(postfix_local_t) @@ -658741,7 +658745,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ') optional_policy(` -@@ -295,8 +336,7 @@ +@@ -295,8 +337,7 @@ # # Postfix map local policy # @@ -658751,7 +658755,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post allow postfix_map_t self:unix_stream_socket create_stream_socket_perms; allow postfix_map_t self:unix_dgram_socket create_socket_perms; allow postfix_map_t self:tcp_socket create_stream_socket_perms; -@@ -346,8 +386,6 @@ +@@ -346,8 +387,6 @@ miscfiles_read_localization(postfix_map_t) @@ -658760,7 +658764,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post tunable_policy(`read_default_t',` files_list_default(postfix_map_t) files_read_default_files(postfix_map_t) -@@ -360,6 +398,11 @@ +@@ -360,6 +399,11 @@ locallogin_dontaudit_use_fds(postfix_map_t) ') 
@@ -658772,7 +658776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix pickup local policy -@@ -384,6 +427,7 @@ +@@ -384,6 +428,7 @@ # allow postfix_pipe_t self:fifo_file rw_fifo_file_perms; @@ -658780,7 +658784,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t) -@@ -391,6 +435,12 @@ +@@ -391,6 +436,12 @@ rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t) @@ -658793,7 +658797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post optional_policy(` procmail_domtrans(postfix_pipe_t) ') -@@ -400,6 +450,10 @@ +@@ -400,6 +451,10 @@ ') optional_policy(` @@ -658804,7 +658808,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post uucp_domtrans_uux(postfix_pipe_t) ') -@@ -436,8 +490,11 @@ +@@ -436,8 +491,11 @@ ') optional_policy(` @@ -658818,7 +658822,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ') ####################################### -@@ -463,6 +520,15 @@ +@@ -463,6 +521,15 @@ init_sigchld_script(postfix_postqueue_t) init_use_script_fds(postfix_postqueue_t) @@ -658834,7 +658838,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix qmgr local policy -@@ -519,10 +585,22 @@ +@@ -519,10 +586,22 @@ files_dontaudit_getattr_home_dir(postfix_smtp_t) @@ -658857,7 +658861,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix smtpd local policy -@@ -532,9 +610,6 @@ +@@ -532,9 +611,6 @@ # connect to master process stream_connect_pattern(postfix_smtpd_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t) 
@@ -658867,7 +658871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post # for prng_exch allow postfix_smtpd_t postfix_spool_t:file rw_file_perms; allow postfix_smtpd_t postfix_prng_t:file rw_file_perms; -@@ -557,6 +632,10 @@ +@@ -557,6 +633,10 @@ sasl_connect(postfix_smtpd_t) ') @@ -658878,7 +658882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix virtual local policy -@@ -572,7 +651,7 @@ +@@ -572,7 +652,7 @@ files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir }) # connect to master process diff --git a/selinux-policy.spec b/selinux-policy.spec index b5c290c..3c75ec8 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 131%{?dist} +Release: 132%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Fri Apr 17 2009 Miroslav Grepl 3.3.1-132 +- Fix postfix-master policy + * Fri Apr 3 2009 Miroslav Grepl 3.3.1-131 - Allow spamc_t to manage spamassassin milter state