authorKenton Groombridge <concord@gentoo.org>2024-05-06 16:03:10 -0400
committerKenton Groombridge <concord@gentoo.org>2024-05-14 13:41:36 -0400
commitc5f642792afda4f820b416e1f0e8f82b683b52bf (patch)
treef72ba26daab3467d4594ccd9f31f5071302aac5e
parentdovecot: allow dovecot-auth to read SASL keytab (diff)
userdom: allow users to read user home dir symlinks
This is to support user home directories primarily living in another directory with a symlink in /home that points to it. Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r--policy/modules/system/userdomain.if3
1 files changed, 3 insertions, 0 deletions
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 401c5e6f..1d98629c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -318,6 +318,7 @@ interface(`userdom_ro_home_role',`
# read-only home directory
allow $2 user_home_dir_t:dir list_dir_perms;
+ allow $2 user_home_dir_t:lnk_file read_lnk_file_perms;
allow $2 user_home_t:dir list_dir_perms;
allow $2 user_home_t:file entrypoint;
read_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
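Review bot: The new `lnk_file` rule carries no comment saying why a read-only home role needs access to a link, so a later audit of `userdom_ro_home_role` has only the commit message to go on. The same applies to the rule added in `userdom_manage_home_role` in the next hunk, which sits between the `type_member` line and the `# full control of the home directory` block without belonging to either. A one-line comment above each rule would do, for example `# the home directory may be a symlink in /home that points elsewhere`. The grant itself is narrow (read on the link only), which fits the read-only role. Both interface bodies start and end outside the hunks shown.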
@@ -394,6 +395,8 @@ interface(`userdom_manage_home_role',`
type_member $2 user_home_dir_t:dir user_home_dir_t;
+ allow $2 user_home_dir_t:lnk_file read_lnk_file_perms;
+
# full control of the home directory
allow $2 user_home_t:file entrypoint;
manage_dirs_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
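Review bot: This rule only takes effect when the symlink in /home is itself labeled `user_home_dir_t`, and the file contexts that would assign that label are not part of this diff. It is worth confirming that a link created by an administrator ends up with that type after relabeling. Reading the link grants nothing on its target, so the relocated directory tree still needs the `user_home_dir_t` and `user_home_t` labels for the remaining rules of the interface to apply, which presumably requires a local file-context mapping. A short statement of both requirements in the interface's documentation block would help deployers diagnose denials. The body of `userdom_manage_home_role` continues outside the hunk.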