From fbf134498f06945cfd161ef9343655210b4033db Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Fri, 18 Nov 2011 13:45:13 -0500
Subject: [PATCH] Get rid of extra fuse rules covered by userdom_home_manager

---
 policy/modules/services/ssh.te     | 7 ++-----
 policy/modules/services/xserver.te | 9 ---------
 2 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index e93db051..12ad27c5 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -206,11 +206,6 @@ tunable_policy(`allow_ssh_keysign',`
 	domtrans_pattern(ssh_t, ssh_keysign_exec_t, ssh_keysign_t)
 ')
 
-tunable_policy(`use_fusefs_home_dirs',`
-	fs_manage_fusefs_dirs(ssh_t)
-	fs_manage_fusefs_files(ssh_t)
-')
-
 # for port forwarding
 tunable_policy(`user_tcp_server',`
 	corenet_tcp_bind_ssh_port(ssh_t)
@@ -481,7 +476,9 @@ tunable_policy(`ssh_chroot_rw_homedirs && use_samba_home_dirs',`
 ')
 
 tunable_policy(`ssh_chroot_rw_homedirs && use_fusefs_home_dirs',`
+    fs_manage_fusefs_dirs(chroot_user_t)
     fs_manage_fusefs_files(chroot_user_t)
+    fs_manage_fusefs_symlinks(chroot_user_t)
 ')
 
 tunable_policy(`use_samba_home_dirs',`
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index ab908aad..a3e787d3 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -373,10 +373,6 @@ ifdef(`hide_broken_symptoms',`
 	miscfiles_read_fonts(xauth_t)
 ')
 
-tunable_policy(`use_fusefs_home_dirs',`
-	fs_manage_fusefs_files(xauth_t)
-')
-
 userdom_home_manager(xauth_t)
 
 ifdef(`hide_broken_symptoms',`
@@ -677,11 +673,6 @@ ifdef(`distro_rhel4',`
 	allow xdm_t self:process { execheap execmem };
 ')
 
-tunable_policy(`use_fusefs_home_dirs',`
-	fs_manage_fusefs_dirs(xdm_t)
-	fs_manage_fusefs_files(xdm_t)
-')
-
 tunable_policy(`use_nfs_home_dirs',`
 	fs_exec_nfs_files(xdm_t)
 ')
-- 
2.47.3