From Debian package 0.2.20100524-11
* Allow nagios services to connect to mysql servers via tcp and read /etc files for mysql.
* Allow nagios_mail_plugin_t to read usr files.
* Allow postfix_postqueue_t to use a fd from nagios_mail_plugin_t.
* Allow nagios_checkdisk_plugin_t to getattr all mountpoint dirs, so it can check the root directory of a filesystem.
Replaces the posftix_exec_postqueue interface (note the typo in the interface name) by posftix_run_postqueue - where does the domain transition nagios_mail_plugin_t -> postfix_postqueue_t happen?
Index: policy/modules/services/nagios.te
===================================================================
--- policy/modules/services/nagios.te.orig
+++ policy/modules/services/nagios.te
@@ -316,6 +316,8 @@
 sysnet_read_config(nagios_mail_plugin_t)
+files_read_usr_files(nagios_mail_plugin_t)
+
 optional_policy(`
 mta_send_mail(nagios_mail_plugin_t)
 ')
@@ -330,7 +332,7 @@
 optional_policy(`
 postfix_stream_connect_master(nagios_mail_plugin_t)
- posftix_exec_postqueue(nagios_mail_plugin_t)
+ posftix_run_postqueue(nagios_mail_plugin_t)
 postfix_list_spool(nagios_mail_plugin_t)
 postfix_read_spool_files(nagios_mail_plugin_t)
 ')
@@ -347,6 +349,7 @@
 files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
 fs_getattr_all_fs(nagios_checkdisk_plugin_t)
+files_getattr_all_mountpoints(nagios_checkdisk_plugin_t)
 storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
@@ -377,6 +380,8 @@
 ')
 optional_policy(`
+ mysql_read_config(nagios_services_plugin_t)
+ mysql_tcp_connect(nagios_services_plugin_t)
 mysql_stream_connect(nagios_services_plugin_t)
 ')
Index: policy/modules/services/postfix.if
===================================================================
--- policy/modules/services/postfix.if.orig
+++ policy/modules/services/postfix.if
@@ -456,7 +456,7 @@
 #######################################
 ##
-## Execute the master postqueue in the caller domain.
+## Allow the master postqueue to use a fifo of the caller and send sigchld
 ##
 ##
 ##
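Review bot: In the `@@ -377,6 +380,8 @@` hunk of nagios.te, `mysql_tcp_connect(nagios_services_plugin_t)` is granted unconditionally inside the optional_policy block, so every services-plugin instance gets outbound TCP to the mysql port even on hosts whose checks only use the local socket that `mysql_stream_connect` already covers. If the remote-database check is the exception rather than the rule, wrapping the new line in a `tunable_policy` boolean would keep the default policy off the network. `mysql_read_config` additionally exposes the mysql configuration, which can carry credentials, to the plugin domain; a short comment above the two added lines naming the check that needs them would let the next reader judge whether both grants are still required.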
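Review bot: The rewritten summary in the `@@ -456,7 +456,7 @@` hunk of postfix.if describes only the rules that were added and omits that the interface no longer grants exec on the postqueue binary, so a caller that switches from posftix_exec_postqueue (as nagios.te does in this patch) gets no hint that execute or transition rights must now come from elsewhere. Suggested summary line: `Allow the postqueue domain to use fds and fifos of the caller and send it sigchld; does not grant exec or a domain transition.` The interface's doc header starts with the `####` line at the top of this hunk and its `<param>` block continues in the next hunk.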
@@ -464,12 +464,14 @@
 ##
 ##
 #
-interface(`posftix_exec_postqueue',`
+interface(`posftix_run_postqueue',`
 gen_require(`
- type postfix_postqueue_exec_t;
+ type postfix_postqueue_t;
 ')
- can_exec($1, postfix_postqueue_exec_t)
+ allow postfix_postqueue_t $1:fd use;
+ allow postfix_postqueue_t $1:fifo_file rw_file_perms;
+ allow postfix_postqueue_t $1:process sigchld;
 ')
 ########################################
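Review bot: The three added allow rules are only the side permissions that accompany a domain transition (fd use, fifo rw, sigchld back to the parent), yet nothing in this hunk grants $1 a transition to postfix_postqueue_t or exec on postfix_postqueue_exec_t, and the removed `can_exec` was the caller's only execute right visible in the patch. Unless a domtrans interface is invoked from somewhere outside these hunks, the caller can no longer start postqueue at all and the new rules never fire; if the intent is to run postqueue in its own domain, the transition belongs here, e.g. `domtrans_pattern($1, postfix_postqueue_exec_t, postfix_postqueue_t)` with postfix_postqueue_exec_t kept in gen_require. In refpolicy naming a `*_run_*` interface is expected to perform the transition (and role assignment) itself, so either add it or name the interface after what it actually grants. Since every caller is being renamed anyway, this is also the moment to drop the `posftix` misspelling the new name carries forward.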