diff --git a/policy/modules/services/sendmail.if b/policy/modules/services/sendmail.if
index 306a2b1..e4f4051 100644
--- a/policy/modules/services/sendmail.if
+++ b/policy/modules/services/sendmail.if
@@ -253,6 +253,24 @@ interface(`sendmail_manage_tmp_files',`
########################################
##
+## Execute sendmail in the unconfined sendmail domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`sendmail_domtrans_unconfined',`
+ gen_require(`
+ type unconfined_sendmail_t;
+ ')
+
+ mta_sendmail_domtrans($1, unconfined_sendmail_t)
+')
+
+########################################
+##
## Execute sendmail in the unconfined sendmail domain, and
## allow the specified role the unconfined sendmail domain,
## and use the caller's terminal.
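Review bot: The summary added for `sendmail_domtrans_unconfined` does not tell a policy author that every domain passed as `$1` can then run sendmail with no confinement, and it repeats the opening words of the `sendmail_run_unconfined` summary that follows. I would extend the description with a line such as `## Callers gain a transition into an unconfined domain; grant this only to domains already trusted at that level.` The `##` lines between the summary and the closing `#` look like they lost their markup on this page, so the parameter documentation could not be checked here.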
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index c1d2297..43edd99 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -1,5 +1,5 @@
-policy_module(sendmail, 1.10.1)
+policy_module(sendmail, 1.10.2)
########################################
#
@@ -30,7 +30,7 @@ role system_r types unconfined_sendmail_t;
#
allow sendmail_t self:capability { dac_override setuid setgid net_bind_service sys_nice chown sys_tty_config };
-allow sendmail_t self:process { setrlimit signal signull };
+allow sendmail_t self:process { setsched setpgid setrlimit signal signull };
allow sendmail_t self:fifo_file rw_fifo_file_perms;
allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
allow sendmail_t self:unix_dgram_socket create_socket_perms;
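Review bot: The changed `allow sendmail_t self:process` rule gains `setsched` and `setpgid` with no comment or rationale, so a later audit cannot tell which sendmail behaviour needs them. `setsched` sits beside the `sys_nice` capability already granted on the line above; the pairing is probably intended but should be recorded. I would add a line above the rule such as `# setsched/setpgid: <behaviour or AVC denial that required them>` so the permissions can be dropped if the need goes away.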
@@ -72,6 +72,7 @@ fs_search_auto_mountpoints(sendmail_t)
fs_rw_anon_inodefs_files(sendmail_t)
term_dontaudit_use_console(sendmail_t)
+term_dontaudit_use_generic_ptys(sendmail_t)
# for piping mail to a command
corecmd_exec_shell(sendmail_t)
@@ -133,6 +134,7 @@ optional_policy(`
optional_policy(`
fail2ban_read_lib_files(sendmail_t)
+ fail2ban_rw_stream_sockets(sendmail_t)
')
optional_policy(`
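Review bot: `fail2ban_rw_stream_sockets(sendmail_t)` grants real read/write access to fail2ban's stream sockets, and nothing in the hunk says why the mail daemon needs to use them. If the denial comes from a descriptor that sendmail merely inherits when fail2ban invokes it to send a notification (an inference, since the page does not show the AVC), a dontaudit-style interface would keep `sendmail_t` narrower than allowing the access. Either way, a comment inside the block would record the reason, e.g. `# fail2ban runs sendmail with its socket still open`. The `optional_policy` block opened on the hunk's last line continues outside the hunk.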