From 414a5704dfb0e3f66009362e7714dd4941948259 Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Tue, 16 Mar 2010 14:55:52 -0400
Subject: [PATCH] fetchmail executes programs in bin (uname), from Dan Walsh

---
 policy/modules/services/fetchmail.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
index d8aaa5eb9..6f671343e 100644
--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@@ -47,6 +47,8 @@ kernel_getattr_proc_files(fetchmail_t)
 kernel_read_proc_symlinks(fetchmail_t)
 kernel_dontaudit_read_system_state(fetchmail_t)
 
+#looks like it uses system command - calls uname
+corecmd_exec_bin(fetchmail_t)
 corecmd_exec_shell(fetchmail_t)
 
 corenet_all_recvfrom_unlabeled(fetchmail_t)
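Review bot: The added `corecmd_exec_bin(fetchmail_t)` lets fetchmail_t run every file labelled bin_t inside its own domain, but the only recorded justification is the tentative comment `#looks like it uses system command - calls uname`. fetchmail processes data from remote mail servers and already has `corecmd_exec_shell(fetchmail_t)` on the next line, so together the two rules noticeably widen what the confined process can execute. Once the denial has been confirmed, I would replace the comment with a firm one such as `# fetchmail runs uname (bin_t) in-domain, no transition; confirmed from AVC denial`, so later reviewers know the rule exists for that single helper. The fetchmail_t policy block starts and ends outside this hunk, so other exec-related rules may exist that are not visible here.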