Policy fixes

policy/modules/apps/gnome.if

@@ -471,7 +471,7 @@ interface(`gnome_stream_connect',`
 
 ########################################
 ## <summary>
-##	read gnome homedir content (.config)
+##	list gnome homedir content (.config)
 ## </summary>
 ## <param name="user_domain">
 ##	<summary>
@@ -487,6 +487,24 @@ template(`gnome_list_home_config',`
 	allow $1 config_home_t:dir list_dir_perms;
 ')
 
+########################################
+## <summary>
+##	read gnome homedir content (.config)
+## </summary>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+template(`gnome_read_home_config',`
+	gen_require(`
+		type config_home_t;
+	')
+
+	read_files_pattern($1, config_home_t, config_home_t)
+')
+
 ########################################
 ## <summary>
 ##	Read/Write all inherited gnome home config 

policy/modules/roles/unconfineduser.te

@@ -186,7 +186,11 @@ optional_policy(`
 	')
 
 	optional_policy(`
-		xserver_rw_shm(unconfined_usertype)
+		gen_require(`
+			type user_tmpfs_t;
+		')
+	
+		xserver_rw_session(unconfined_usertype, user_tmpfs_t)
 		xserver_run_xauth(unconfined_usertype, unconfined_r)
 		xserver_dbus_chat_xdm(unconfined_usertype)
 	')

policy/modules/services/icecast.te

@@ -40,6 +40,7 @@ files_pid_filetrans(icecast_t, icecast_var_run_t, { file dir })
 kernel_read_system_state(icecast_t)
 
 corenet_tcp_bind_soundd_port(icecast_t)
+corenet_tcp_connect_soundd_port(icecast_t)
 
 # Init script handling
 domain_use_interactive_fds(icecast_t)

policy/modules/system/udev.te

@@ -244,6 +244,10 @@ optional_policy(`
 	devicekit_dgram_send(udev_t)
 ')
 
+optional_policy(`
+	gnome_read_home_config(udev_t)
+')
+
 optional_policy(`
 	lvm_domtrans(udev_t)
 ')