From c42c407bdc7cdd347744965642b6bedc99d6c556 Mon Sep 17 00:00:00 2001
From: Russell Coker <russell@coker.com.au>
Date: Fri, 15 Jan 2021 10:37:20 +1100
Subject: [PATCH] yet more strict patches fixed

More little strict patches, much of which are needed for KDE.

With the lines that Chris didn't like removed.

Signed-off-by: Russell Coker <russell@coker.com.au>
---
 policy/modules/system/userdomain.if | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 3a0d057be..750fb9f5d 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -877,6 +877,10 @@ template(`userdom_common_user_template',`
 		systemd_role_template($1, $1_r, $1_t)
 	')
 
+	optional_policy(`
+		udev_read_runtime_files($1_t)
+	')
+
 	optional_policy(`
 		usernetctl_run($1_t, $1_r)
 	')
@@ -1229,6 +1233,15 @@ template(`userdom_unpriv_user_template', `
 
 	optional_policy(`
 		systemd_dbus_chat_logind($1_t)
+		systemd_use_logind_fds($1_t)
+		systemd_dbus_chat_hostnamed($1_t)
+		systemd_write_inherited_logind_inhibit_pipes($1_t)
+
+		# kwalletd5 inherits a socket from init
+		init_rw_inherited_stream_socket($1_t)
+		init_use_fds($1_t)
+		# for polkit-kde-auth
+		init_read_state($1_t)
 	')
 
 	# Allow controlling usbguard