From 7fe5a6fd507e5341b952d6bfcf9e5622ee6c488f Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Nov 09 2018 11:04:44 +0000
Subject: selinux: allow symlinks in foreign environment


Some users have custom icecc-create-env scripts that create
environments including symlinks.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1479048

---

diff --git a/icecream.te b/icecream.te
index c1d7248..76c5687 100644
--- a/icecream.te
+++ b/icecream.te
@@ -175,6 +175,7 @@ allow iceccd_untrusted_t self:process signal_perms;
 allow iceccd_untrusted_t iceccd_t:unix_stream_socket rw_stream_socket_perms;
 
 manage_files_pattern(iceccd_untrusted_t, iceccd_cache_t, iceccd_cache_t)
+manage_lnk_files_pattern(iceccd_untrusted_t, iceccd_cache_t, iceccd_cache_t)
 
 can_exec(iceccd_untrusted_t, iceccd_cache_t)