From 55f64a8112a3839b443764e6288bbdf99541519b Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 19 Mar 2016 10:30:42 +0100
Subject: [PATCH] Label system-config-printer applet properly on Arch Linux

It is used by system-config-printer, as shown by these AVC denials:

    avc:  denied  { execute } for  pid=1061 comm="system-config-p"
    name="applet.py" dev="dm-0" ino=9568316
    scontext=sysadm_u:sysadm_r:sysadm_t tcontext=system_u:object_r:usr_t
    tclass=file permissive=1

    avc:  denied  { execute_no_trans } for  pid=1061
    comm="system-config-p"
    path="/usr/share/system-config-printer/applet.py" dev="dm-0"
    ino=9568316 scontext=sysadm_u:sysadm_r:sysadm_t
    tcontext=system_u:object_r:usr_t tclass=file permissive=1
---
 policy/modules/kernel/corecommands.fc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 0a6672cf5..356d18fcb 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -319,6 +319,7 @@ ifdef(`distro_gentoo',`
 /usr/share/shorewall-lite(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall6-lite(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
+/usr/share/system-config-printer/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/texmf-dist/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/turboprint/lib(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/vhostmd/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
@@ -376,7 +377,6 @@ ifdef(`distro_redhat', `
 /usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/system-config-printer/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)