From de7b3815c9b6a571d6d294b2fdb6d88f4c09000e Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Thu, 18 Oct 2012 20:08:15 +0200 Subject: [PATCH] Changes to the user domain policy module Content that (at least) common users need to be able to relabel and create with a type transition Signed-off-by: Dominick Grift
---
 policy/modules/system/userdomain.if | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b487e9999..ce2fff32c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -575,6 +575,7 @@ template(`userdom_common_user_template',`
 ')
 optional_policy(`
+ alsa_home_filetrans_alsa_home($1_t, file, ".asoundrc")
 alsa_manage_home_files($1_t)
 alsa_read_rw_config($1_t)
 alsa_relabel_home_files($1_t)
@@ -628,10 +629,21 @@ template(`userdom_common_user_template',`
 inn_read_news_spool($1_t)
 ')
+ optional_policy(`
+ kerberos_manage_krb5_home_files($1_t)
+ kerberos_relabel_krb5_home_files($1_t)
+ kerberos_home_filetrans_krb5_home($1_t, file, ".k5login")
+ ')
+
 optional_policy(`
 locate_read_lib_files($1_t)
 ')
+ optional_policy(`
+ mpd_manage_user_data_content($1_t)
+ mpd_relabel_user_data_content($1_t)
+ ')
+
 # for running depmod as part of the kernel packaging process
 optional_policy(`
 modutils_read_module_config($1_t)
@@ -645,11 +657,16 @@ template(`userdom_common_user_template',`
 tunable_policy(`allow_user_mysql_connect',`
 mysql_stream_connect($1_t)
 ')
+
+ mysql_manage_mysqld_home_files($1_t)
+ mysql_relabel_mysqld_home_files($1_t)
+ mysql_home_filetrans_mysqld_home($1_t, file, ".my.cnf")
 ')
 optional_policy(`
 oident_manage_user_content($1_t)
 oident_relabel_user_content($1_t)
+ oident_home_filetrans_oidentd_home($1_t, file, ".oidentd.conf")
 ')
 optional_policy(`
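Review bot: `alsa_home_filetrans_alsa_home` and the other `*_home_filetrans_*` and `*_relabel_*` interfaces called in the later hunks are not defined in this patch, which touches only `userdomain.if`. The commit therefore presumably depends on companion changes to the alsa, kerberos, mpd, mysql, oident and ppp modules, and the commit message should name that dependency so the series is applied in order. A name-based transition normally affects only files created after the policy is loaded, so an existing `.asoundrc` would likely keep its current label until it is relabelled; the message could say so. The body of `userdom_common_user_template` starts and ends outside this hunk.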
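Review bot: The kerberos block lists `kerberos_home_filetrans_krb5_home` after the manage and relabel calls, while the alsa hunk puts its filetrans call first; the mysql, oident and ppp blocks repeat the manage/relabel/filetrans order. The surrounding calls appear to be sorted by name, so one order should be used in all five blocks, and the new mpd block should probably sit after the modutils block rather than before its comment. The new blocks also carry no comment, unlike the depmod block just below them. Because `.k5login` decides which principals may log in to the account, a line such as `# users maintain their own ~/.k5login; it must be created with the krb5 home type` would record why every domain built from this template gets manage and relabel access to it.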
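Review bot: The three `mysql_*` calls sit after the closing `')` of `tunable_policy(`allow_user_mysql_connect',` ...)`, so they are granted whenever the mysql module is present, whatever the boolean is set to. If that is intended, a comment such as `# home file access is deliberately not gated by allow_user_mysql_connect` would stop a later editor from moving them inside the tunable. `.my.cnf` commonly holds client credentials, so it is worth confirming in the mysql module which other domains can read the type that `mysql_home_filetrans_mysqld_home` assigns; that interface is not part of this patch. The enclosing `optional_policy` block opens before the hunk.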
@@ -669,6 +686,12 @@ template(`userdom_common_user_template',`
 ')
 ')
+ optional_policy(`
+ ppp_manage_home_files($1_t)
+ ppp_relabel_home_files($1_t)
+ ppp_home_filetrans_ppp_home($1_t, file, ".ppprc")
+ ')
+
 optional_policy(`
 resmgr_stream_connect($1_t)
 ')