clean up rpc hack

refpolicy/policy/modules/services/rpc.if

@@ -132,6 +132,23 @@ interface(`rpc_udp_sendto',`
 	allow rpc_t $1:udp_socket recvfrom;
 ')
 
+########################################
+## <summary>
+##      Do not audit attempts to get the attributes
+##	of the NFS export file.
+## </summary>
+## <param name="domain">
+##      The type of the process performing this action.
+## </param>
+#
+interface(`rpc_dontaudit_getattr_exports',`
+	gen_require(`
+		type exports_t;
+	')
+
+	dontaudit $1 exports_t:file getattr;
+')
+
 ########################################
 ## <summary>
 ##      Allow read access to exports.

refpolicy/policy/modules/services/rpc.te

@@ -1,5 +1,5 @@
 
-policy_module(rpc,1.0.1)
+policy_module(rpc,1.0.2)
 
 ########################################
 #
@@ -71,9 +71,6 @@ optional_policy(`nis',`
 	nis_read_ypserv_config(rpcd_t)
 ')
 
-# FIXME
-dontaudit userdomain exports_t:file getattr;
-
 ########################################
 #
 # NFSD local policy

refpolicy/policy/modules/system/userdomain.if

@@ -365,6 +365,10 @@ template(`base_user_template',`
 		quota_dontaudit_getattr_db($1_t)
 	')
 
+	optional_policy(`rpc',`
+		rpc_dontaudit_getattr_exports($1_t)
+	')
+
 	optional_policy(`rpm',`
 		files_getattr_var_lib_dir($1_t)
 		files_search_var_lib($1_t)