userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_nacl_t)
userdom_execute_user_tmpfs_files(chrome_sandbox_nacl_t)
userdom_read_inherited_user_tmp_files(chrome_sandbox_nacl_t)
+
+optional_policy(`
+ gnome_dontaudit_write_config_files(chrome_sandbox_nacl_t)
+')
+
dontaudit $1 gnome_home_type:dir search_dir_perms;
')
+########################################
+## <summary>
+## Dontaudit write gnome homedir content (.config)
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`gnome_dontaudit_write_config_files',`
+ gen_require(`
+ attribute gnome_home_type;
+ ')
+
+ dontaudit $1 gnome_home_type:file write;
+')
+
########################################
## <summary>
## manage gnome homedir content (.config)