From c43df4f0131a7870beef94eb9c5a5fb048379566 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Wed, 24 Nov 2021 16:13:35 +0100
Subject: [PATCH] Allow svnserve send mail from the system

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/c43df4f0131a7870beef94eb9c5a5fb048379566
Conflict: NA

If a svn hook needs to send an e-mail, the service needs to be allowed
to execute an MTA program. In this commit, the mta_send_mail() interface
call for svnserve_t was added to allow permissions to execute types from
the mta_exec_type attribute which currently is:
- courier_exec_t
- exim_exec_t
- postfix_postdrop_t
- sendmail_exec_t

Resolves: rhbz#2004843
Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/svnserve.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/contrib/svnserve.te b/policy/modules/contrib/svnserve.te
index 874e7c2..c603551 100644
--- a/policy/modules/contrib/svnserve.te
+++ b/policy/modules/contrib/svnserve.te
@@ -90,6 +90,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	mta_send_mail(svnserve_t)
+')
+
+optional_policy(`
     sasl_connect(svnserve_t)
 ')
 
-- 
1.8.3.1