work around role dominance breakage in module compiler

refpolicy/policy/modules/system/domain.if

@@ -45,6 +45,14 @@ interface(`domain_base_type',`
 		tunable_policy(`allow_execmem',`
 			allow $1 self:process execmem;
 		')
+
+		# FIXME:
+		# hack until role dominance is fixed in
+		# the module compiler
+		role secadm_r types $1;
+		role sysadm_r types $1;
+		role user_r types $1;
+		role staff_r types $1;
 	')
 ')
 

refpolicy/policy/modules/system/userdomain.te

@@ -65,10 +65,10 @@ ifdef(`targeted_policy',`
 	fs_associate_tmpfs(user_home_dir_t)
 
 	# compatibility for switching from strict
-	dominance { role secadm_r { role system_r; }}
+#	dominance { role secadm_r { role system_r; }}
-	dominance { role sysadm_r { role system_r; }}
+#	dominance { role sysadm_r { role system_r; }}
-	dominance { role user_r { role system_r; }}
+#	dominance { role user_r { role system_r; }}
-	dominance { role staff_r { role system_r; }}
+#	dominance { role staff_r { role system_r; }}
 
 	# dont need to use the full role_change()
 	allow sysadm_r system_r;