From f8f74f8335184d377fa0a51d0c1b7c279c272a66 Mon Sep 17 00:00:00 2001
From: Harry Smallbone
Date: Thu, 13 Feb 2025 01:55:27 +0800
Subject: [PATCH] Add user_home_t to SELinux tunable (#4142)

On RHEL 9, some files in the home directory are labeled with user_home_t rather than user_home_dir_t https://danwalsh.livejournal.com/63586.html appears to suggest that this is expected behaviour
---
 packaging/rpm/ondemand-selinux.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/packaging/rpm/ondemand-selinux.te b/packaging/rpm/ondemand-selinux.te
index 73e928ff5c..8879a97f3b 100644
--- a/packaging/rpm/ondemand-selinux.te
+++ b/packaging/rpm/ondemand-selinux.te
@@ -6,6 +6,7 @@ require {
 type shell_exec_t;
 type rsync_exec_t;
 type ptmx_t;
+ type user_home_t;
 type user_home_dir_t;
 type proc_t;
 type vmblock_t;
@@ -105,6 +106,8 @@ read_lnk_files_pattern(httpd_t, ood_apps_public_t, ood_apps_public_t)
 gen_tunable(ondemand_manage_user_home_dir, false)
 tunable_policy(`ondemand_manage_user_home_dir',`
+ manage_dirs_pattern(ood_pun_t, user_home_t, user_home_t)
+ manage_files_pattern(ood_pun_t, user_home_t, user_home_t)
 manage_dirs_pattern(ood_pun_t, user_home_dir_t, user_home_dir_t)
 manage_files_pattern(ood_pun_t, user_home_dir_t, user_home_dir_t)
 ')
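Review bot: The two `user_home_t` rules added inside the `ondemand_manage_user_home_dir` tunable block widen what the boolean grants, and neither the tunable's name nor any comment near `gen_tunable` records that. Going by the commit message, `user_home_t` is the label carried by files inside the home directory, so with the boolean on `ood_pun_t` gets manage access to generic home content and not only to objects labeled `user_home_dir_t`. A site that already enabled the boolean would presumably pick up the wider access on package upgrade without changing any setting. I would add a comment above `gen_tunable`, for example `# When on, ood_pun_t may manage dirs and files labeled user_home_dir_t and user_home_t (generic home content); off by default.`, and call out the change of scope in the release notes. Types not named in the block stay outside the grant, which is worth stating in the same comment so administrators know what the boolean does not cover.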