From 84f1d7c3fe6113effd8eedc2a6602c72fd5d482c Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Thu, 18 Nov 2021 19:08:05 +0100
Subject: [PATCH] Update userdom_exec_user_tmp_files() with an entrypoint rule

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/84f1d7c3fe6113effd8eedc2a6602c72fd5d482c
Conflict: NA

The userdom_exec_user_tmp_files() interface contains rules
to allow execution of user temporary files, but there were no rules
containing the executable type as entrypoint.

Resolves: rhbz#1966945
Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/system/userdomain.if | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index d5a4094..cb56d28 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -556,6 +556,7 @@ interface(`userdom_exec_user_tmp_files',`
 		type user_tmp_t;
 	')
 
+	allow $1 user_tmp_t:file entrypoint;
 	exec_files_pattern($1, user_tmp_t, user_tmp_t)
 	dontaudit $1 user_tmp_t:sock_file execute;
 	files_search_tmp($1)
-- 
1.8.3.1