Allow sendmail to map mail server configuration files

Fixes:
type=PROCTITLE msg=audit(11/15/2024 02:41:04.796:891) : proctitle=sendmail: startup with localhost
type=MMAP msg=audit(11/15/2024 02:41:04.796:891) : fd=5 flags=MAP_SHARED
type=SYSCALL msg=audit(11/15/2024 02:41:04.796:891) : arch=x86_64 syscall=mmap success=no exit=EACCES(Permission denied) a0=0x0 a1=0x896 a2=PROT_READ a3=MAP_SHARED items=0 ppid=12782 pid=12850 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=smmsp sgid=smmsp fsgid=smmsp tty=(none) ses=unset comm=sendmail exe=/usr/sbin/sendmail.sendmail subj=system_u:system_r:sendmail_t:s0 key=(null)
type=AVC msg=audit(11/15/2024 02:41:04.796:891) : avc:  denied  { map } for  pid=12850 comm=sendmail path=/etc/mail/access.cdb dev="vda2" ino=16783732 scontext=system_u:system_r:sendmail_t:s0 tcontext=unconfined_u:object_r:etc_mail_t:s0 tclass=file permissive=0

Related: https://issues.redhat.com/browse/RHEL-54014
Signed-off-by: Ondrej Mosnacek <[email protected]>

policy/modules/contrib/mta.if

@@ -524,6 +524,25 @@ interface(`mta_read_config',`
 	read_lnk_files_pattern($1, etc_mail_t, etc_mail_t)
 ')
 
+########################################
+## <summary>
+##	Mmap mail server configuration.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`mta_map_config',`
+	gen_require(`
+		type etc_mail_t;
+	')
+
+	allow $1 etc_mail_t:file map;
+')
+
 ########################################
 ## <summary>
 ##	write mail server configuration.

policy/modules/contrib/sendmail.te

@@ -126,6 +126,7 @@ userdom_read_user_home_content_files(sendmail_t)
 userdom_dontaudit_list_user_home_dirs(sendmail_t)
 
 mta_read_config(sendmail_t)
+mta_map_config(sendmail_t)
 mta_etc_filetrans_aliases(sendmail_t)
 # Write to /etc/aliases and /etc/mail.
 mta_map_aliases(sendmail_t)