From Debian package 0.0.20080702-4

Move files_exec_usr_files from userdom_unpriv_user_template to
userdom_base_user_template

Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if.orig
+++ policy/modules/system/userdomain.if
@@ -87,6 +87,7 @@
 	files_read_etc_files($1_t)
 	files_read_etc_runtime_files($1_t)
 	files_read_usr_files($1_t)
+	files_exec_usr_files($1_t)
 	# Read directories and files with the readable_t type.
 	# This type is a general type for "world"-readable files.
 	files_list_world_readable($1_t)
@@ -973,7 +974,6 @@
 	# Need the following rule to allow users to run vpnc
 	corenet_tcp_bind_xserver_port($1_t)
 
-	files_exec_usr_files($1_t)
 	# cjp: why?
 	files_read_kernel_symbol_table($1_t)