mls_file_upgrade(useradd_t)
mls_process_read_to_clearance(useradd_t)
-# Allow access to context for shadow file
-selinux_get_fs_mount(useradd_t)
-selinux_validate_context(useradd_t)
-selinux_compute_access_vector(useradd_t)
-selinux_compute_create_context(useradd_t)
-selinux_compute_relabel_context(useradd_t)
-selinux_compute_user_contexts(useradd_t)
+seutil_semanage_policy(useradd_t)
term_use_all_inherited_terms(useradd_t)
term_getattr_all_ptys(useradd_t)
sysnet_role_transition_dhcpc(unconfined_r)
')
+optional_policy(`
+ usermanage_run_useradd(unconfined_t, unconfined_r)
+')
+
optional_policy(`
vbetool_run(unconfined_t, unconfined_r)
')