srivasta@debian.org--etch/refpolicy--netuser--0.0--patch-1
srivasta@debian.org--etch/refpolicy--debian--0.0--patch-20
Add network_user_template interface

All the rest is gone, but here is the historical summary:

Create a net user role

This is a convenience feature. Basically it sets up a user who can
network with generic ports, without allowing all users to do the same,
but also without having to put special confinement on that user, and
without making him "unconfined". The netuser role is just like a regular
user role, but it can do unprivileged networking. Good for e.g. allowing
only certain users to run tiny network servers like IRC bouncers.

Unless you give a user the netuser_r role, it won't have any effect
anyway. Better than using allow_user_tcp boolean, which grants all users
these rights.

Since Debian 0.0.20080702-1:
  Doesn't actually create the corresponding user and domain
Since Debian 0.0.20090621-1:
  Doesn't create the role

Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if.orig
+++ policy/modules/system/userdomain.if
@@ -1014,6 +1014,41 @@
#######################################
##
+## The template for creating a user with network access.
+##
+##
+##
+## This template creates a user domain, types, and
+## rules for the user's tty, pty, home directories,
+## tmp, and tmpfs files.
+##
+##
+## This differs from the unpriv_user_template by allowing non-privileged network access.
+##
+##
+##
+##
+## The prefix of the user domain (e.g., sysadm
+## is the prefix for sysadm_t).
+##
+##
+#
+template(`network_user_template',`
+ ##############################
+ #
+ # Declarations
+ #
+
+ # Inherit rules for ordinary users.
+ userdom_unpriv_user_template($1)
+ # like user_tcp_server
+ corenet_tcp_bind_generic_port($1_t)
+ sysnet_dns_name_resolve($1_t)
+ allow $1_t self:tcp_socket create_stream_socket_perms;
+ allow $1_t self:udp_socket create_stream_socket_perms;
+')
+#######################################
+##
## The template for creating an administrative user.
##
##
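
Review bot: The last rule in network_user_template, "allow $1_t self:udp_socket create_stream_socket_perms;", applies a stream-socket permission set to a datagram class. In refpolicy that set is create_socket_perms plus listen and accept, neither of which means anything for udp_socket, so create_socket_perms would grant exactly what a UDP socket can use and keep the rule least-privilege. The UDP rule also has no bind counterpart to corenet_tcp_bind_generic_port($1_t). If UDP is only wanted for name resolution, it looks redundant next to sysnet_dns_name_resolve($1_t) and could be dropped. If UDP servers are intended, the port binding is missing and the template description should say so. Two smaller points: the "Declarations" banner heads a block that contains only interface calls and allow rules, and there is no blank line between the closing "')" and the next "#######" separator, unlike the spacing a reader would expect between templates in this file.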