From 7dd47a9aa3ec1e55b9a8391213795de57789189b Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 31 Oct 2011 14:46:07 -0400
Subject: [PATCH] Make sure postfix content gets created with the correct label

---
 policy/modules/kernel/domain.te    |  4 ++++
 policy/modules/roles/sysadm.te     |  4 ++++
 policy/modules/services/postfix.if | 24 +++++++++++++++++++++++-
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index 4b732cda..bec26c45 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -254,6 +254,10 @@ optional_policy(`
 	nx_filetrans_named_content(unconfined_domain_type)
 ')
 
+optional_policy(`
+	postfix_filetrans_named_content(unconfined_domain_type)
+')
+
 optional_policy(`
 	pulseaudio_filetrans_home_content(unconfined_domain_type)
 	pulseaudio_filetrans_admin_home_content(unconfined_domain_type)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 2d6db898..c6aa0bce 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -333,6 +333,10 @@ optional_policy(`
 	portmap_run_helper(sysadm_t, sysadm_r)
 ')
 
+optional_policy(`
+	postfix_filetrans_named_content(sysadm_t)
+')
+
 optional_policy(`
 	prelink_run(sysadm_t, sysadm_r)
 ')
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index c22af867..ca32d303 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -219,7 +219,7 @@ interface(`postfix_config_filetrans',`
 	')
 
 	files_search_etc($1)
-	filetrans_pattern($1, postfix_etc_t, $2, $3)
+	filetrans_pattern($1, postfix_etc_t, $2, $3, $4)
 ')
 
 ########################################
@@ -774,6 +774,8 @@ interface(`postfix_admin',`
 	admin_pattern($1, postfix_prng_t)
 
 	admin_pattern($1, postfix_public_t)
+
+	postfix_filetrans_named_content($1)
 ')
 
 ########################################
@@ -801,3 +803,23 @@ interface(`postfix_run_postdrop',`
 	postfix_domtrans_postdrop($1)
 	role $2 types postfix_postdrop_t;
 ')
+
+########################################
+## <summary>
+##	Transition to postfix named content
+## </summary>
+## <param name="domain">
+##	<summary>
+##      Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_filetrans_named_content',`
+	gen_require(`
+		type postfix_exec_t;
+		type postfix_prng_t;
+	')
+
+	postfix_config_filetrans($1, postfix_exec_t, file, "postfix-script")
+	postfix_config_filetrans($1, postfix_prng_t, file, "prng_exch")
+')
-- 
2.47.3