From b276e36914e2a8faef36ac460788515f3f956642 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: May 20 2010 12:17:06 +0000 Subject: Procmail patch from Dan Walsh.
---
diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te
index a51bbf6..0e55985 100644
--- a/policy/modules/services/procmail.te
+++ b/policy/modules/services/procmail.te
@@ -1,5 +1,5 @@
-policy_module(procmail, 1.11.0)
+policy_module(procmail, 1.11.1)
 ########################################
 #
@@ -22,7 +22,7 @@ files_tmp_file(procmail_tmp_t)
 # Local policy
 #
-allow procmail_t self:capability { sys_nice chown setuid setgid dac_override };
+allow procmail_t self:capability { sys_nice chown fsetid setuid setgid dac_override };
 allow procmail_t self:process { setsched signal signull };
 allow procmail_t self:fifo_file rw_fifo_file_perms;
 allow procmail_t self:unix_stream_socket create_socket_perms;
@@ -92,6 +92,7 @@ userdom_user_home_dir_filetrans_user_home_content(procmail_t, { dir file lnk_fil
 userdom_dontaudit_search_user_home_dirs(procmail_t)
 mta_manage_spool(procmail_t)
+mta_read_queue(procmail_t)
 ifdef(`hide_broken_symptoms',`
 mta_dontaudit_rw_queue(procmail_t)
@@ -136,8 +137,8 @@ optional_policy(`
 mta_read_config(procmail_t)
 sendmail_domtrans(procmail_t)
 sendmail_signal(procmail_t)
- sendmail_rw_tcp_sockets(procmail_t)
- sendmail_rw_unix_stream_sockets(procmail_t)
+ sendmail_dontaudit_rw_tcp_sockets(procmail_t)
+ sendmail_dontaudit_rw_unix_stream_sockets(procmail_t)
 ')
 optional_policy(`
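Review bot: The `fsetid` capability added in the `@@ -22,7 +22,7 @@` hunk has no stated reason; neither the rule nor the commit message says which procmail operation needs it. procmail_t already holds `chown`, `setuid`, `setgid` and `dac_override` and processes incoming mail, and `fsetid` additionally lets it keep or set set-id mode bits in cases the kernel would otherwise clear or refuse them. I would put a comment directly above the rule, for example `# fsetid: needed for <operation from the AVC denial>`, so the capability can be re-evaluated and dropped if that need goes away.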
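Review bot: `mta_read_queue(procmail_t)` in the `@@ -92,6 +92,7 @@` hunk is granted unconditionally, while the `mta_dontaudit_rw_queue(procmail_t)` just below it under `hide_broken_symptoms` still treats queue access as noise to be hidden. The two rules now disagree about whether procmail is expected to touch the queue. If reads are legitimate, a comment such as `# procmail reads queued messages when <case>` would record why, and the dontaudit could presumably be narrowed to the write side. The interface definitions are not on this page, so the exact permissions each one grants should be confirmed before merging.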
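Review bot: The two `sendmail_dontaudit_rw_*_sockets` lines in the `@@ -136,8 +137,8 @@` hunk are unconditional, whereas the other dontaudit in this file, `mta_dontaudit_rw_queue(procmail_t)`, sits inside the `hide_broken_symptoms` ifdef. Removing the allow rules tightens the domain, but an always-on dontaudit means a delivery failure caused by these denials leaves no AVC record unless the policy is rebuilt with dontaudit rules disabled (`semodule -DB`). I would place both lines inside the same `hide_broken_symptoms` conditional and add a comment along the lines of `# sendmail passes its sockets to procmail; access is not needed`, assuming that is the reason. The enclosing optional_policy block opens before the hunk.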