From 8592752fd4307fafa589930f739e851d4dbdc20c Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Tue, 6 Dec 2011 23:46:03 +0100
Subject: [PATCH] Remove duplicate declaration
---
 policy/modules/kernel/corecommands.fc | 1 -
 policy/modules/roles/unconfineduser.te | 4 ++--
 policy/modules/system/authlogin.if | 1 -
 policy/modules/system/init.te | 1 +
 policy/modules/system/userdomain.if | 32 ++++++++++++++++++++++++++
 5 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 9446ba8f..5d00aa05 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -196,7 +196,6 @@ ifdef(`distro_gentoo',`
 /usr/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
-/usr/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index 05503f39..90af1575 100644
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -41,7 +41,7 @@ userdom_base_user_template(unconfined)
 userdom_manage_home_role(unconfined_r, unconfined_t)
 userdom_manage_tmp_role(unconfined_r, unconfined_t)
 userdom_manage_tmpfs_role(unconfined_r, unconfined_t)
-userdom_unpriv_t(unconfined, unconfined_t)
+userdom_unpriv_type(unconfined_r, unconfined_t)
 type unconfined_exec_t;
 init_system_domain(unconfined_t, unconfined_exec_t)
@@ -118,7 +118,7 @@ tunable_policy(`unconfined_login',`
 optional_policy(`
 gen_require(`
- attribute unconfined_t;
+ type unconfined_t;
 ')
 optional_policy(`
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index bbf9ef45..11dfd811 100644
--- a/policy/modules/system/authlogin.if
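Review bot: The new call `userdom_unpriv_type(unconfined_r, unconfined_t)` in the first unconfineduser.te hunk passes a role as its first argument, but the `userdom_unpriv_type` template added in the userdomain.if hunk never references `$1`, so the role has no effect there. Either drop the unused argument from the template and this call, or say in the template header that it is ignored. Because the template applies `typeattribute $2 unpriv_userdomain;` and `typeattribute $2 userdomain;`, rules written elsewhere against those attributes will presumably now cover `unconfined_t` too. A comment at the call such as `# unconfined_t joins unpriv_userdomain and userdomain` would make that scope visible to whoever audits the unconfined role.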
+++ b/policy/modules/system/authlogin.if
@@ -1839,7 +1839,6 @@ interface(`auth_filetrans_named_content',`
 files_etc_filetrans($1, passwd_file_t, file, "passwd-")
 files_etc_filetrans($1, passwd_file_t, file, "passwd.OLD")
 files_etc_filetrans($1, passwd_file_t, file, "ptmptmp")
- files_etc_filetrans($1, shadow_t, file, ".pwd.lock")
 files_etc_filetrans($1, shadow_t, file, "group.lock")
 files_etc_filetrans($1, shadow_t, file, "passwd.lock")
 files_etc_filetrans($1, shadow_t, file, "passwd.adjunct")
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 96f0ddfc..ddc71430 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1053,6 +1053,7 @@ optional_policy(`
 mta_read_config(initrc_t)
 mta_write_config(initrc_t)
 mta_dontaudit_read_spool_symlinks(initrc_t)
+')
 optional_policy(`
 ifdef(`distro_redhat',`
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 75a0324f..17cc2fc4 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -3965,6 +3965,38 @@ template(`userdom_unpriv_usertype',`
 ubac_constrained($2)
 ')
+#######################################
+##
+## Define this type as a Allow apps to set rlimits on userdomain
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+##
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+template(`userdom_unpriv_type',`
+ gen_require(`
+ attribute unpriv_userdomain, userdomain;
+ ')
+ typeattribute $2 unpriv_userdomain;
+ typeattribute $2 userdomain;
+
+ auth_use_nsswitch($2)
+ ubac_constrained($2)
+')
+
 ########################################
 ##
 ## Connect to users over an unix stream socket.
--
2.47.3
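Review bot: The header comment of `userdom_unpriv_type` does not describe the template: its summary reads "Define this type as a Allow apps to set rlimits on userdomain", and it carries three parameter entries, two of them with the text "Domain allowed access.", while the body acts only on `$2`. A summary such as `Mark the specified type as an unprivileged user domain.` with one entry per actual argument would match the code. The header should also state that the type is added to `unpriv_userdomain` and `userdomain` and is passed to `auth_use_nsswitch` and `ubac_constrained`, since that is the access a caller takes on by using the template.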