partial mailman merge

refpolicy/policy/modules/services/mta.if

@@ -280,6 +280,22 @@ interface(`mta_send_mail',`
 	')
 ')
 
+#######################################
+## <summary>
+##	Connect to all mail servers over TCP.
+## </summary>
+## <param name="domain">
+##	Mail server domain.
+## </param>
+#
+interface(`mta_tcp_connect_all_mailservers',`
+	gen_require(`
+		attribute mailserver_domain;
+	')
+
+	allow $1 mailserver_domain:tcp_socket { connectto recvfrom };
+')
+
 #######################################
 #
 # mta_exec(domain)

refpolicy/policy/modules/system/files.if

@@ -2429,12 +2429,29 @@ interface(`files_search_locks',`
 interface(`files_dontaudit_search_locks',`
 	gen_require(`
 		type var_lock_t;
-		class dir search;
 	')
 
 	dontaudit $1 var_lock_t:dir search;
 ')
 
+########################################
+## <summary>
+##	Add and remove entries in the /var/lock
+##	directories.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`files_rw_locks_dir',`
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_t:dir search;
+	allow $1 var_lock_t:dir rw_dir_perms;
+')
+
 ########################################
 #
 # files_getattr_generic_locks(domain)
@@ -2535,16 +2552,20 @@ interface(`files_search_pids',`
 ')
 
 ########################################
-#
+## <summary>
-# files_dontaudit_search_pids(domain)
+##	Do not audit attempts to search
+##	the /var/run directory.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
 #
 interface(`files_dontaudit_search_pids',`
 	gen_require(`
 		type var_run_t;
-		class dir search;
 	')
 
-	allow $1 var_run_t:dir search;
+	dontaudit $1 var_run_t:dir search;
 ')
 
 ########################################