From 42d115aa530ccf147c5a7bb2e24548032ae4780b Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Fri, 22 Nov 2019 16:39:35 -0500
Subject: [PATCH] unconfined: Fix systemd --user rule.
Use the full init_pgm_spec_user_daemon_domain() to ensure correct permissions.
Signed-off-by: Chris PeBenito
---
 policy/modules/system/init.if | 7 +------
 policy/modules/system/unconfined.te | 2 +-
 2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 20a77c40c..62ab4da81 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -672,12 +672,7 @@ interface(`init_domtrans',`
 ##
 ##
 ##
-## Domain allowed to transition.
-##
-##
-##
-##
-## New domain.
+## The type to be used as a systemd --user domain.
 ##
 ##
 #
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 11ccc193c..0eed122a5 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -62,7 +62,7 @@ ifdef(`init_systemd',`
 # for systemd-analyze
 init_service_status(unconfined_t)
 # for systemd --user:
- init_pgm_entrypoint(unconfined_t)
+ init_pgm_spec_user_daemon_domain(unconfined_t)
 optional_policy(`
 systemd_dbus_chat_resolved(unconfined_t)
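Review bot: The unchanged comment `# for systemd --user:` above the new `init_pgm_spec_user_daemon_domain(unconfined_t)` call in unconfined.te no longer says what the rule grants, and the target is an unconfined domain. Going by its name, the removed `init_pgm_entrypoint` call covered only the entrypoint, while the commit message calls the replacement the "full" interface. The interface body is in init.if outside this hunk, so the exact rule set is not visible here; presumably it also adds the transition from init into unconfined_t. I would expand the comment to something like `# for systemd --user: let init start the per-user manager in unconfined_t (entrypoint plus transition rules)`. It is also worth confirming the resulting allow rules in the built policy with `sesearch -A -s init_t -t unconfined_t`, so the added permissions are the intended ones and nothing broader.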