trunk: Patch to handle postfix data_directory from Vaclav Ovsik.

Changelog

@@ -1,3 +1,4 @@
+- Patch to handle postfix data_directory from Vaclav Ovsik.
 - SE-Postgresql policy from KaiGai Kohei.
 - Patch for X.org dbus support from Martin Orr.
 - Patch for labeled networking controls in 2.6.25 from Paul Moore.

policy/modules/services/postfix.fc

@@ -43,6 +43,9 @@ ifdef(`distro_redhat', `
 /usr/sbin/postmap	--	gen_context(system_u:object_r:postfix_map_exec_t,s0)
 /usr/sbin/postqueue	--	gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
 /usr/sbin/postsuper	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
+
+/var/lib/postfix(/.*)?		gen_context(system_u:object_r:postfix_data_t,s0)
+
 /var/spool/postfix(/.*)?		gen_context(system_u:object_r:postfix_spool_t,s0)
 /var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
 /var/spool/postfix/pid/.*	gen_context(system_u:object_r:postfix_var_run_t,s0)

policy/modules/services/postfix.te

@@ -1,5 +1,5 @@
 
-policy_module(postfix,1.8.0)
+policy_module(postfix, 1.8.1)
 
 ########################################
 #
@@ -83,6 +83,10 @@ files_type(postfix_public_t)
 type postfix_var_run_t;
 files_pid_file(postfix_var_run_t)
 
+# the data_directory config parameter
+type postfix_data_t;
+files_type(postfix_data_t)
+
 postfix_server_domain_template(virtual)
 mta_mailserver_delivery(postfix_virtual_t)
 
@@ -104,6 +108,9 @@ allow postfix_master_t postfix_etc_t:file rw_file_perms;
 
 can_exec(postfix_master_t,postfix_exec_t)
 
+allow postfix_master_t postfix_data_t:dir manage_dir_perms;
+allow postfix_master_t postfix_data_t:file manage_file_perms;
+
 allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
 
 allow postfix_master_t postfix_postdrop_exec_t:file getattr;