diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 718fb3d..81c1286 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -1820,7 +1820,7 @@ index 688abc2..3d89250 100644
/usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0)
+/usr/bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
-index 03ec5ca..bfc85a0 100644
+index 03ec5ca..025c177 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -89,7 +89,6 @@ template(`su_restricted_domain_template', `
@@ -1843,41 +1843,234 @@ index 03ec5ca..bfc85a0 100644
optional_policy(`
cron_read_pipes($1_su_t)
')
-@@ -208,7 +202,7 @@ template(`su_role_template',`
+@@ -172,14 +166,6 @@ template(`su_role_template',`
+ role $2 types $1_su_t;
- auth_domtrans_chk_passwd($1_su_t)
- auth_dontaudit_read_shadow($1_su_t)
+ allow $3 $1_su_t:process signal;
+-
+- allow $1_su_t self:capability { audit_control audit_write setuid setgid net_bind_service chown dac_override fowner sys_nice sys_resource };
+- dontaudit $1_su_t self:capability sys_tty_config;
+- allow $1_su_t self:process { setexec setsched setrlimit };
+- allow $1_su_t self:fifo_file rw_fifo_file_perms;
+- allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
+- allow $1_su_t self:key { search write };
+-
+ allow $1_su_t $3:key search;
+
+ # Transition from the user domain to this domain.
+@@ -194,125 +180,12 @@ template(`su_role_template',`
+ allow $3 $1_su_t:process sigchld;
+
+ kernel_read_system_state($1_su_t)
+- kernel_read_kernel_sysctls($1_su_t)
+- kernel_search_key($1_su_t)
+- kernel_link_key($1_su_t)
+-
+- # for SSP
+- dev_read_urand($1_su_t)
+-
+- fs_search_auto_mountpoints($1_su_t)
+
+- # needed for pam_rootok
+- selinux_compute_access_vector($1_su_t)
+-
+- auth_domtrans_chk_passwd($1_su_t)
+- auth_dontaudit_read_shadow($1_su_t)
- auth_use_nsswitch($1_su_t)
+- auth_rw_faillog($1_su_t)
+-
+- corecmd_search_bin($1_su_t)
+-
+- domain_use_interactive_fds($1_su_t)
+-
+- files_read_etc_files($1_su_t)
+- files_read_etc_runtime_files($1_su_t)
+- files_search_var_lib($1_su_t)
+- files_dontaudit_getattr_tmp_dirs($1_su_t)
+-
+- init_dontaudit_use_fds($1_su_t)
+- # Write to utmp.
+- init_rw_utmp($1_su_t)
+ auth_use_pam($1_su_t)
- auth_rw_faillog($1_su_t)
- corecmd_search_bin($1_su_t)
-@@ -228,10 +222,10 @@ template(`su_role_template',`
+ mls_file_write_all_levels($1_su_t)
logging_send_syslog_msg($1_su_t)
-
+-
- miscfiles_read_localization($1_su_t)
-
- userdom_use_user_terminals($1_su_t)
- userdom_search_user_home_dirs($1_su_t)
-+ userdom_search_admin_dir($1_su_t)
-
- ifdef(`distro_redhat',`
- # RHEL5 and possibly newer releases incl. Fedora
-@@ -277,12 +271,7 @@ template(`su_role_template',`
- ')
- ')
-
+-
+- userdom_use_user_terminals($1_su_t)
+- userdom_search_user_home_dirs($1_su_t)
+-
+- ifdef(`distro_redhat',`
+- # RHEL5 and possibly newer releases incl. Fedora
+- auth_domtrans_upd_passwd($1_su_t)
+-
+- optional_policy(`
+- locallogin_search_keys($1_su_t)
+- ')
+- ')
+-
+- ifdef(`distro_rhel4',`
+- domain_role_change_exemption($1_su_t)
+- domain_subj_id_change_exemption($1_su_t)
+- domain_obj_id_change_exemption($1_su_t)
+-
+- selinux_get_fs_mount($1_su_t)
+- selinux_validate_context($1_su_t)
+- selinux_compute_create_context($1_su_t)
+- selinux_compute_relabel_context($1_su_t)
+- selinux_compute_user_contexts($1_su_t)
+-
+- # Relabel ttys and ptys.
+- term_relabel_all_ttys($1_su_t)
+- term_relabel_all_ptys($1_su_t)
+- # Close and re-open ttys and ptys to get the fd into the correct domain.
+- term_use_all_ttys($1_su_t)
+- term_use_all_ptys($1_su_t)
+-
+- seutil_read_config($1_su_t)
+- seutil_read_default_contexts($1_su_t)
+-
+- if(secure_mode) {
+- # Only allow transitions to unprivileged user domains.
+- userdom_spec_domtrans_unpriv_users($1_su_t)
+- } else {
+- # Allow transitions to all user domains
+- userdom_spec_domtrans_all_users($1_su_t)
+- }
+-
+- optional_policy(`
+- unconfined_domtrans($1_su_t)
+- unconfined_signal($1_su_t)
+- ')
+- ')
+-
- ifdef(`hide_broken_symptoms',`
- # dontaudit leaked sockets from parent
- dontaudit $1_su_t $3:socket_class_set { read write };
- ')
-
- tunable_policy(`allow_polyinstantiation',`
-+ tunable_policy(`polyinstantiation_enabled',`
- fs_mount_xattr_fs($1_su_t)
- fs_unmount_xattr_fs($1_su_t)
- ')
+- fs_mount_xattr_fs($1_su_t)
+- fs_unmount_xattr_fs($1_su_t)
+- ')
+-
+- tunable_policy(`use_nfs_home_dirs',`
+- fs_search_nfs($1_su_t)
+- ')
+-
+- tunable_policy(`use_samba_home_dirs',`
+- fs_search_cifs($1_su_t)
+- ')
+-
+- optional_policy(`
+- cron_read_pipes($1_su_t)
+- ')
+-
+- optional_policy(`
+- kerberos_use($1_su_t)
+- ')
+-
+- optional_policy(`
+- # used when the password has expired
+- usermanage_read_crack_db($1_su_t)
+- ')
+-
+- # Modify .Xauthority file (via xauth program).
+- optional_policy(`
+- xserver_user_home_dir_filetrans_user_xauth($1_su_t)
+- xserver_domtrans_xauth($1_su_t)
+- ')
+ ')
+
+ #######################################
+diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te
+index 85bb77e..0df3b43 100644
+--- a/policy/modules/admin/su.te
++++ b/policy/modules/admin/su.te
+@@ -9,3 +9,81 @@ attribute su_domain_type;
+
+ type su_exec_t;
+ corecmd_executable_file(su_exec_t)
++
++allow su_domain_type self:capability { audit_control audit_write setuid setgid net_bind_service chown dac_override fowner sys_nice sys_resource };
++dontaudit su_domain_type self:capability sys_tty_config;
++allow su_domain_type self:process { setexec setsched setrlimit };
++allow su_domain_type self:fifo_file rw_fifo_file_perms;
++allow su_domain_type self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
++allow su_domain_type self:key { search write };
++
++kernel_read_kernel_sysctls(su_domain_type)
++kernel_search_key(su_domain_type)
++kernel_link_key(su_domain_type)
++
++# for SSP
++dev_read_urand(su_domain_type)
++dev_dontaudit_getattr_all(su_domain_type)
++
++fs_search_auto_mountpoints(su_domain_type)
++
++# needed for pam_rootok
++selinux_compute_access_vector(su_domain_type)
++
++corecmd_search_bin(su_domain_type)
++
++domain_use_interactive_fds(su_domain_type)
++
++files_read_etc_files(su_domain_type)
++files_read_etc_runtime_files(su_domain_type)
++files_search_var_lib(su_domain_type)
++files_dontaudit_getattr_tmp_dirs(su_domain_type)
++
++init_dontaudit_use_fds(su_domain_type)
++# Write to utmp.
++init_rw_utmp(su_domain_type)
++
++userdom_use_user_terminals(su_domain_type)
++userdom_search_user_home_dirs(su_domain_type)
++userdom_search_admin_dir(su_domain_type)
++
++ifdef(`distro_redhat',`
++ # RHEL5 and possibly newer releases incl. Fedora
++ auth_domtrans_upd_passwd(su_domain_type)
++
++ optional_policy(`
++ locallogin_search_keys(su_domain_type)
++ ')
++')
++
++tunable_policy(`polyinstantiation_enabled',`
++ fs_mount_xattr_fs(su_domain_type)
++ fs_unmount_xattr_fs(su_domain_type)
++')
++
++tunable_policy(`use_nfs_home_dirs',`
++ fs_search_nfs(su_domain_type)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_search_cifs(su_domain_type)
++')
++
++optional_policy(`
++ cron_read_pipes(su_domain_type)
++')
++
++optional_policy(`
++ kerberos_use(su_domain_type)
++')
++
++optional_policy(`
++ # used when the password has expired
++ usermanage_read_crack_db(su_domain_type)
++')
++
++# Modify .Xauthority file (via xauth program).
++optional_policy(`
++ xserver_user_home_dir_filetrans_user_xauth(su_domain_type)
++ xserver_domtrans_xauth(su_domain_type)
++')
diff --git a/policy/modules/admin/sudo.fc b/policy/modules/admin/sudo.fc
index 7bddc02..2b59ed0 100644
--- a/policy/modules/admin/sudo.fc
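Review bot: The rules added to `su.te` are granted to the `su_domain_type` attribute rather than to the per-role `$1_su_t` type, so every type carrying that attribute now receives the whole set, including `allow su_domain_type self:capability { audit_control audit_write setuid setgid net_bind_service chown dac_override fowner sys_nice sys_resource };`. The `su.if` hunk header shows that `su_restricted_domain_template` lives in the same file; if the domains it creates also carry `su_domain_type` (not visible in this hunk), they pick up these permissions too, which should be confirmed against the intended least-privilege boundary. I would add a comment above the first rule, e.g. `# Granted to every su_domain_type domain, restricted su domains included; keep role-specific rules in su.if.` Separately, `dev_dontaudit_getattr_all(su_domain_type)` has no counterpart among the lines removed from the template and has no comment; a short why-comment would help, since a dontaudit rule removes the matching denials from the audit log.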
@@ -29858,7 +30051,7 @@ index 808ba93..9d8f729 100644
+ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload~")
+')
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
-index 23a645e..f0cbd38 100644
+index 23a645e..52a8540 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -32,14 +32,14 @@ files_tmp_file(ldconfig_tmp_t)
@@ -29891,21 +30084,23 @@ index 23a645e..f0cbd38 100644
files_etc_filetrans(ldconfig_t, ld_so_cache_t, file)
manage_dirs_pattern(ldconfig_t, ldconfig_tmp_t, ldconfig_tmp_t)
-@@ -75,10 +77,14 @@ kernel_read_system_state(ldconfig_t)
+@@ -75,11 +77,15 @@ kernel_read_system_state(ldconfig_t)
fs_getattr_xattr_fs(ldconfig_t)
+files_list_var_lib(ldconfig_t)
++files_dontaudit_leaks(ldconfig_t)
+files_manage_var_lib_symlinks(ldconfig_t)
+
corecmd_search_bin(ldconfig_t)
domain_use_interactive_fds(ldconfig_t)
+-files_search_var_lib(ldconfig_t)
+files_search_home(ldconfig_t)
- files_search_var_lib(ldconfig_t)
files_read_etc_files(ldconfig_t)
files_read_usr_files(ldconfig_t)
+ files_search_tmp(ldconfig_t)
@@ -90,11 +96,11 @@ files_delete_etc_files(ldconfig_t)
init_use_script_ptys(ldconfig_t)
init_read_script_tmp_files(ldconfig_t)
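Review bot: `files_dontaudit_leaks(ldconfig_t)` is added without a comment naming the inherited descriptors it is meant to silence, and a dontaudit rule removes the corresponding AVC denials from the audit log, so the leak it hides can no longer be traced from logs. The same applies to `files_dontaudit_rw_inherited_locks(dhcpc_t)` and `files_dontaudit_rw_inherited_locks(ifconfig_t)` in the sysnetwork.te hunks further down. I would add a one-line why-comment at each, e.g. `# parent leaks open descriptors into ldconfig; denial is noise (bug: <BUG-ID placeholder>)`, so the rule can be dropped once the leaking parent is fixed. The ldconfig_t rule list starts and ends outside this hunk.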
@@ -35040,7 +35235,7 @@ index 6944526..ec17624 100644
+ files_etc_filetrans($1, net_conf_t, file, "ntp.conf")
+')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
-index b7686d5..7a9577f 100644
+index b7686d5..087fe08 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -5,6 +5,13 @@ policy_module(sysnetwork, 1.14.6)
@@ -35136,7 +35331,7 @@ index b7686d5..7a9577f 100644
corenet_tcp_sendrecv_all_ports(dhcpc_t)
corenet_udp_sendrecv_all_ports(dhcpc_t)
corenet_tcp_bind_all_nodes(dhcpc_t)
-@@ -108,21 +125,23 @@ corenet_udp_bind_dhcpc_port(dhcpc_t)
+@@ -108,21 +125,24 @@ corenet_udp_bind_dhcpc_port(dhcpc_t)
corenet_tcp_connect_all_ports(dhcpc_t)
corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
@@ -35159,10 +35354,11 @@ index b7686d5..7a9577f 100644
files_dontaudit_search_locks(dhcpc_t)
files_getattr_generic_locks(dhcpc_t)
+files_rw_inherited_tmp_file(dhcpc_t)
++files_dontaudit_rw_inherited_locks(dhcpc_t)
fs_getattr_all_fs(dhcpc_t)
fs_search_auto_mountpoints(dhcpc_t)
-@@ -132,11 +151,15 @@ term_dontaudit_use_all_ptys(dhcpc_t)
+@@ -132,11 +152,15 @@ term_dontaudit_use_all_ptys(dhcpc_t)
term_dontaudit_use_unallocated_ttys(dhcpc_t)
term_dontaudit_use_generic_ptys(dhcpc_t)
@@ -35179,7 +35375,7 @@ index b7686d5..7a9577f 100644
modutils_run_insmod(dhcpc_t, dhcpc_roles)
-@@ -156,7 +179,14 @@ ifdef(`distro_ubuntu',`
+@@ -156,7 +180,14 @@ ifdef(`distro_ubuntu',`
')
optional_policy(`
@@ -35195,7 +35391,7 @@ index b7686d5..7a9577f 100644
')
optional_policy(`
-@@ -174,10 +204,6 @@ optional_policy(`
+@@ -174,10 +205,6 @@ optional_policy(`
')
optional_policy(`
@@ -35206,7 +35402,7 @@ index b7686d5..7a9577f 100644
hotplug_getattr_config_dirs(dhcpc_t)
hotplug_search_config(dhcpc_t)
-@@ -190,23 +216,36 @@ optional_policy(`
+@@ -190,23 +217,36 @@ optional_policy(`
optional_policy(`
netutils_run_ping(dhcpc_t, dhcpc_roles)
netutils_run(dhcpc_t, dhcpc_roles)
@@ -35243,7 +35439,7 @@ index b7686d5..7a9577f 100644
')
optional_policy(`
-@@ -216,7 +255,11 @@ optional_policy(`
+@@ -216,7 +256,11 @@ optional_policy(`
optional_policy(`
seutil_sigchld_newrole(dhcpc_t)
@@ -35256,7 +35452,7 @@ index b7686d5..7a9577f 100644
')
optional_policy(`
-@@ -228,6 +271,10 @@ optional_policy(`
+@@ -228,6 +272,10 @@ optional_policy(`
')
optional_policy(`
@@ -35267,7 +35463,7 @@ index b7686d5..7a9577f 100644
vmware_append_log(dhcpc_t)
')
-@@ -259,12 +306,23 @@ allow ifconfig_t self:msgq create_msgq_perms;
+@@ -259,12 +307,23 @@ allow ifconfig_t self:msgq create_msgq_perms;
allow ifconfig_t self:msg { send receive };
# Create UDP sockets, necessary when called from dhcpc
allow ifconfig_t self:udp_socket create_socket_perms;
@@ -35291,7 +35487,7 @@ index b7686d5..7a9577f 100644
kernel_use_fds(ifconfig_t)
kernel_read_system_state(ifconfig_t)
kernel_read_network_state(ifconfig_t)
-@@ -274,14 +332,29 @@ kernel_rw_net_sysctls(ifconfig_t)
+@@ -274,14 +333,30 @@ kernel_rw_net_sysctls(ifconfig_t)
corenet_rw_tun_tap_dev(ifconfig_t)
@@ -35312,6 +35508,7 @@ index b7686d5..7a9577f 100644
+read_files_pattern(ifconfig_t, dhcpc_state_t, dhcpc_state_t)
+
+files_dontaudit_rw_inherited_pipes(ifconfig_t)
++files_dontaudit_rw_inherited_locks(ifconfig_t)
+files_dontaudit_read_root_files(ifconfig_t)
+files_rw_inherited_tmp_file(ifconfig_t)
+
@@ -35321,7 +35518,7 @@ index b7686d5..7a9577f 100644
fs_getattr_xattr_fs(ifconfig_t)
fs_search_auto_mountpoints(ifconfig_t)
-@@ -294,22 +367,22 @@ term_dontaudit_use_all_ptys(ifconfig_t)
+@@ -294,22 +369,22 @@ term_dontaudit_use_all_ptys(ifconfig_t)
term_dontaudit_use_ptmx(ifconfig_t)
term_dontaudit_use_generic_ptys(ifconfig_t)
@@ -35349,7 +35546,7 @@ index b7686d5..7a9577f 100644
userdom_use_all_users_fds(ifconfig_t)
ifdef(`distro_ubuntu',`
-@@ -318,7 +391,22 @@ ifdef(`distro_ubuntu',`
+@@ -318,7 +393,22 @@ ifdef(`distro_ubuntu',`
')
')
@@ -35372,7 +35569,7 @@ index b7686d5..7a9577f 100644
optional_policy(`
dev_dontaudit_rw_cardmgr(ifconfig_t)
')
-@@ -329,8 +417,11 @@ ifdef(`hide_broken_symptoms',`
+@@ -329,8 +419,11 @@ ifdef(`hide_broken_symptoms',`
')
optional_policy(`
@@ -35386,7 +35583,7 @@ index b7686d5..7a9577f 100644
')
optional_policy(`
-@@ -339,7 +430,15 @@ optional_policy(`
+@@ -339,7 +432,15 @@ optional_policy(`
')
optional_policy(`
@@ -35403,7 +35600,7 @@ index b7686d5..7a9577f 100644
')
optional_policy(`
-@@ -360,3 +459,13 @@ optional_policy(`
+@@ -360,3 +461,13 @@ optional_policy(`
xen_append_log(ifconfig_t)
xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
')
@@ -38804,7 +39001,7 @@ index db75976..65191bd 100644
+
+/var/run/user(/.*)? gen_context(system_u:object_r:user_tmp_t,s0)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 3c5dba7..5dc956a 100644
+index 3c5dba7..fc2fb65 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -30,9 +30,11 @@ template(`userdom_base_user_template',`
@@ -39366,7 +39563,7 @@ index 3c5dba7..5dc956a 100644
##############################
#
-@@ -501,41 +632,52 @@ template(`userdom_common_user_template',`
+@@ -501,41 +632,51 @@ template(`userdom_common_user_template',`
# evolution and gnome-session try to create a netlink socket
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
@@ -39389,7 +39586,6 @@ index 3c5dba7..5dc956a 100644
- kernel_read_device_sysctls($1_t)
+ kernel_read_device_sysctls($1_usertype)
+ kernel_request_load_module($1_usertype)
-+ kernel_stream_connect($1_usertype)
- corecmd_exec_bin($1_t)
+ corenet_udp_bind_generic_node($1_usertype)
@@ -39442,7 +39638,7 @@ index 3c5dba7..5dc956a 100644
# cjp: some of this probably can be removed
selinux_get_fs_mount($1_t)
-@@ -546,93 +688,120 @@ template(`userdom_common_user_template',`
+@@ -546,93 +687,120 @@ template(`userdom_common_user_template',`
selinux_compute_user_contexts($1_t)
# for eject
@@ -39601,7 +39797,7 @@ index 3c5dba7..5dc956a 100644
')
optional_policy(`
-@@ -642,23 +811,21 @@ template(`userdom_common_user_template',`
+@@ -642,23 +810,21 @@ template(`userdom_common_user_template',`
optional_policy(`
mpd_manage_user_data_content($1_t)
mpd_relabel_user_data_content($1_t)
@@ -39630,7 +39826,7 @@ index 3c5dba7..5dc956a 100644
mysql_stream_connect($1_t)
')
')
-@@ -671,7 +838,7 @@ template(`userdom_common_user_template',`
+@@ -671,7 +837,7 @@ template(`userdom_common_user_template',`
optional_policy(`
# to allow monitoring of pcmcia status
@@ -39639,7 +39835,7 @@ index 3c5dba7..5dc956a 100644
')
optional_policy(`
-@@ -680,9 +847,9 @@ template(`userdom_common_user_template',`
+@@ -680,9 +846,9 @@ template(`userdom_common_user_template',`
')
optional_policy(`
@@ -39652,7 +39848,7 @@ index 3c5dba7..5dc956a 100644
')
')
-@@ -693,32 +860,35 @@ template(`userdom_common_user_template',`
+@@ -693,32 +859,35 @@ template(`userdom_common_user_template',`
')
optional_policy(`
@@ -39699,7 +39895,7 @@ index 3c5dba7..5dc956a 100644
')
')
-@@ -743,17 +913,33 @@ template(`userdom_common_user_template',`
+@@ -743,17 +912,33 @@ template(`userdom_common_user_template',`
template(`userdom_login_user_template', `
gen_require(`
class context contains;
@@ -39737,7 +39933,7 @@ index 3c5dba7..5dc956a 100644
userdom_change_password_template($1)
-@@ -761,82 +947,99 @@ template(`userdom_login_user_template', `
+@@ -761,82 +946,99 @@ template(`userdom_login_user_template', `
#
# User domain Local policy
#
@@ -39873,22 +40069,24 @@ index 3c5dba7..5dc956a 100644
')
')
-@@ -868,6 +1071,12 @@ template(`userdom_restricted_user_template',`
+@@ -868,6 +1070,12 @@ template(`userdom_restricted_user_template',`
typeattribute $1_t unpriv_userdomain;
domain_interactive_fd($1_t)
+ allow $1_usertype self:netlink_kobject_uevent_socket create_socket_perms;
+ dontaudit $1_usertype self:netlink_audit_socket create_socket_perms;
+
-+ seutil_read_file_contexts($1_t)
-+ seutil_read_default_contexts($1_t)
++ seutil_read_file_contexts($1_t)
++ seutil_read_default_contexts($1_t)
+
##############################
#
# Local policy
-@@ -908,41 +1117,97 @@ template(`userdom_restricted_xwindows_user_template',`
+@@ -907,42 +1115,99 @@ template(`userdom_restricted_xwindows_user_template',`
+ #
# Local policy
#
++ kernel_stream_connect($1_usertype)
- auth_role($1_r, $1_t)
- auth_search_pam_console_data($1_t)
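Review bot: `kernel_stream_connect($1_usertype)` is added at the top of the Local policy section of `userdom_restricted_xwindows_user_template` with no comment on which kernel-owned stream socket these users need to reach. Together with the earlier hunk that drops the same call from `userdom_common_user_template`, this narrows the grant to X-capable users, which reads as a least-privilege tightening. User domains built from the common template without the xwindows one lose the permission, so it is worth checking those for new AVC denials. I would add a why-comment above the line, e.g. `# needed by <consumer placeholder> to connect to a kernel-labeled unix stream socket`. The template body continues outside this hunk.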
@@ -40118,20 +40316,20 @@ index 3c5dba7..5dc956a 100644
+
+ optional_policy(`
+ gpm_stream_connect($1_usertype)
- ')
-
- optional_policy(`
-- netutils_run_ping_cond($1_t, $1_r)
-- netutils_run_traceroute_cond($1_t, $1_r)
-+ mount_run_fusermount($1_t, $1_r)
-+ mount_read_pid_files($1_t)
+ ')
+
+ optional_policy(`
-+ wine_role_template($1, $1_r, $1_t)
++ mount_run_fusermount($1_t, $1_r)
++ mount_read_pid_files($1_t)
+ ')
+
+ optional_policy(`
++ wine_role_template($1, $1_r, $1_t)
+ ')
+
+ optional_policy(`
+- netutils_run_ping_cond($1_t, $1_r)
+- netutils_run_traceroute_cond($1_t, $1_r)
+ postfix_run_postdrop($1_t, $1_r)
+ postfix_search_spool($1_t)
')
@@ -40831,7 +41029,7 @@ index 3c5dba7..5dc956a 100644
')
########################################
-@@ -2027,21 +2632,15 @@ interface(`userdom_read_user_home_content_symlinks',`
+@@ -2027,20 +2632,14 @@ interface(`userdom_read_user_home_content_symlinks',`
#
interface(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -40845,18 +41043,17 @@ index 3c5dba7..5dc956a 100644
-
- tunable_policy(`use_nfs_home_dirs',`
- fs_exec_nfs_files($1)
+- ')
+-
+- tunable_policy(`use_samba_home_dirs',`
+- fs_exec_cifs_files($1)
+ exec_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
+ dontaudit $1 user_home_type:sock_file execute;
')
-
-- tunable_policy(`use_samba_home_dirs',`
-- fs_exec_cifs_files($1)
-- ')
-')
--
+
########################################
##