From c6a3a22457e59c13ad09ca1332b9c1f4c20b8b8a Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: May 13 2005 20:52:28 +0000
Subject: add more parts to send_mail and drop transition since its more then a transition
---
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 0200795..6f47072 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -165,22 +165,29 @@ type sendmail_exec_t;
 #######################################
 #
-# mta_send_mail_transition(domain)
+# mta_send_mail(domain)
 #
-define(`mta_send_mail_transition',`
+define(`mta_send_mail',`
 requires_block_template(`$0'_depend)
 allow $1 sendmail_exec_t:lnk_file { getattr read };
 allow $1 sendmail_exec_t:file { getattr read execute };
 allow $1 system_mail_t:process transition;
 type_transition $1 sendmail_exec_t:file system_mail_t;
 dontaudit $1 system_mail_t:process { noatsecure siginh rlimitinh };
+
+allow $1 system_mail_t:fd use;
+allow system_mail_t $1:process sigchld;
+allow system_mail_t $1:fd use;
+allow system_mail_t $1:fifo_file { ioctl read getattr lock write append };
 ')
-define(`mta_send_mail_transition_depend',`
+define(`mta_send_mail_depend',`
 type system_mail_t, sendmail_exec_t;
 class file { getattr read execute };
 class lnk_file { getattr read };
-class process { transition noatsecure siginh rlimitinh };
+class process { transition noatsecure siginh rlimitinh sigchld };
+class fd use;
+class fifo_file { ioctl read getattr lock write append };
 ')
 #######################################
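Review bot: The comment header for `mta_send_mail` still documents only `(domain)`, while the added `allow system_mail_t $1:fd use;` and `allow system_mail_t $1:fifo_file { ioctl read getattr lock write append };` rules give the mail domain access back into the caller. A domain that calls this interface therefore lets `system_mail_t` read and write any pipe of the caller's type that it inherits across the exec, which the interface name does not suggest. I would state that in the header, e.g. `# Also allows system_mail_t to inherit fds from the caller and read/write the caller's pipes.` If `write append` is there only so the mailer can report back on a stdout/stderr pipe, the comment should say so; that is my reading, not something the hunk shows. The rename also means any caller of `mta_send_mail_transition` in other files has to change with this commit, which cannot be checked from this hunk.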