From 3c8622691abfb377b48bf3749dd629c5a7120cf4 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Tue, 18 May 2021 13:39:11 +0200
Subject: [PATCH] Allow vnc_session_t manage nfs dirs and files conditionally

The permissions set to manage directories and files with the nfs_t type
is allowed when the use_nfs_home_dirs boolean is turned on.

Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
---
 unix/vncserver/selinux/vncsession.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
index 86fd6e5e..46e69911 100644
--- a/unix/vncserver/selinux/vncsession.te
+++ b/unix/vncserver/selinux/vncsession.te
@@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t)
 mcs_process_set_categories(vnc_session_t)
 mcs_killall(vnc_session_t)
 
+tunable_policy(`use_nfs_home_dirs',`
+	fs_manage_nfs_dirs(vnc_session_t)
+	fs_manage_nfs_files(vnc_session_t)
+')
+
 optional_policy(`
 	auth_login_pgm_domain(vnc_session_t)
 	auth_write_login_records(vnc_session_t)
-- 
2.39.5