From 9d3e339e8245f27b4d496ac6a8550ccf4ad74450 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Fri, 7 Oct 2005 19:35:36 +0000
Subject: [PATCH] partial mailman merge

---
 refpolicy/policy/modules/services/mta.if | 16 ++++++++++++
 refpolicy/policy/modules/system/files.if | 31 ++++++++++++++++++++----
 2 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index ccd249d6..1bc01778 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -280,6 +280,22 @@ interface(`mta_send_mail',`
 ')
 ')
 
+#######################################
+##
+## Connect to all mail servers over TCP.
+##
+##
+## Mail server domain.
+##
+#
+interface(`mta_tcp_connect_all_mailservers',`
+ gen_require(`
+ attribute mailserver_domain;
+ ')
+
+ allow $1 mailserver_domain:tcp_socket { connectto recvfrom };
+')
+
 #######################################
 #
 # mta_exec(domain)
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index d365295a..87a1c41f 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -2429,12 +2429,29 @@ interface(`files_search_locks',`
 interface(`files_dontaudit_search_locks',`
 gen_require(`
 type var_lock_t;
- class dir search;
 ')
 
 dontaudit $1 var_lock_t:dir search;
 ')
 
+########################################
+##
+## Add and remove entries in the /var/lock
+## directories.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`files_rw_locks_dir',`
+ gen_require(`
+ type var_t, var_lock_t;
+ ')
+
+ allow $1 var_t:dir search;
+ allow $1 var_lock_t:dir rw_dir_perms;
+')
+
 ########################################
 #
 # files_getattr_generic_locks(domain)
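Review bot: The parameter description in the new doc block for `mta_tcp_connect_all_mailservers` reads "Mail server domain.", but `$1` is the source of the allow rule, i.e. the client domain being permitted to connect; the mail servers are selected by the `mailserver_domain` attribute. I would change that line to `## Domain allowed access.`, matching the wording used for `files_rw_locks_dir` in this same commit. Because the target is an attribute, every caller gains `connectto` and `recvfrom` to all domains carrying it, including ones given the attribute later, which is worth stating in the summary. Only the client-to-server direction is granted here; whether a matching rule for the server side exists elsewhere cannot be told from this hunk.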
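Review bot: The summary for `files_rw_locks_dir` says "Add and remove entries in the /var/lock directories", yet both rules are on the `dir` class only, so a caller gets no permission on the lock files themselves from this interface. I would add a line to the doc block such as `## Lock file permissions must be granted separately.` so that callers do not assume the interface is sufficient on its own. Directory write on a shared lock directory is a broad grant, so callers that only need to traverse it should keep using `files_search_locks`, whose name is visible in the hunk header.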
@@ -2535,16 +2552,20 @@ interface(`files_search_pids',`
 ')
 
 ########################################
-#
-# files_dontaudit_search_pids(domain)
+##
+## Do not audit attempts to search
+## the /var/run directory.
+##
+##
+## Domain to not audit.
+##
 #
 interface(`files_dontaudit_search_pids',`
 gen_require(`
 type var_run_t;
- class dir search;
 ')
 
- allow $1 var_run_t:dir search;
+ dontaudit $1 var_run_t:dir search;
 ')
 
 ########################################
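Review bot: Replacing `allow` with `dontaudit` in `files_dontaudit_search_pids` takes real `search` access on `var_run_t` directories away from every existing caller, and because the same rule now suppresses the audit record, a domain that depended on the old grant will fail without an AVC denial being logged. The callers are not visible in this patch, so each one should be checked before this lands; those that need the access should call `files_search_pids` instead. The commit subject ("partial mailman merge") does not mention this change, and I would note it in the description since it tightens policy for domains unrelated to mailman.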