Xguest patch from Dan Walsh.

policy/modules/roles/xguest.te

@@ -1,5 +1,5 @@
 
-policy_module(xguest, 1.0.0)
+policy_module(xguest, 1.0.1)
 
 ########################################
 #
@@ -36,6 +36,20 @@ userdom_restricted_xwindows_user_template(xguest)
 # Local policy
 #
 
+ifndef(`enable_mls',`
+	fs_exec_noxattr(xguest_t)
+
+	tunable_policy(`user_rw_noexattrfile',`
+		fs_manage_noxattr_fs_files(xguest_t)
+		fs_manage_noxattr_fs_dirs(xguest_t)
+		# Write floppies 
+		storage_raw_read_removable_device(xguest_t)
+		storage_raw_write_removable_device(xguest_t)
+	',`
+		storage_raw_read_removable_device(xguest_t)
+	')
+')
+
 # Allow mounting of file systems
 optional_policy(`
 	tunable_policy(`xguest_mount_media',`
@@ -77,6 +91,8 @@ optional_policy(`
 optional_policy(`
 	tunable_policy(`xguest_connect_network',`
 		networkmanager_dbus_chat(xguest_t)
+		corenet_tcp_connect_pulseaudio_port(xguest_t)
+		corenet_tcp_connect_ipp_port(xguest_t)
 	')
 ')