trunk: confine sendmail and logrotate on targeted

Changelog

@@ -1,3 +1,4 @@
+- Confine sendmail and logrotate on targeted.
 - Tunable connection to postgresql for users from KaiGai Kohei.
 - Memprotect support patch from Stephen Smalley.
 - Add logging_send_audit_msgs() interface and deprecate

policy/modules/admin/logrotate.te

@@ -1,5 +1,5 @@
 
-policy_module(logrotate,1.4.0)
+policy_module(logrotate,1.4.1)
 
 ########################################
 #
@@ -130,10 +130,6 @@ ifdef(`distro_debian', `
 	can_exec(logrotate_t, logrotate_exec_t)
 ')
 
-ifdef(`targeted_policy',`
-	unconfined_domain(logrotate_t)
-')
-
 optional_policy(`
 	acct_domtrans(logrotate_t)
 	acct_manage_data(logrotate_t)

policy/modules/services/sendmail.te

@@ -1,5 +1,5 @@
 
-policy_module(sendmail,1.4.1)
+policy_module(sendmail,1.4.2)
 
 ########################################
 #
@@ -107,7 +107,6 @@ mta_manage_queue(sendmail_t)
 mta_manage_spool(sendmail_t)
 
 ifdef(`targeted_policy',`
-	unconfined_domain(sendmail_t)
 	term_dontaudit_use_unallocated_ttys(sendmail_t)
 	term_dontaudit_use_generic_ptys(sendmail_t)
 	files_dontaudit_read_root_files(sendmail_t)