From Debian package 0.2.20100524-8

  * Add tunable user_manage_dos_files which defaults to true

Index: policy/global_tunables
===================================================================
--- policy/global_tunables.orig
+++ policy/global_tunables
@@ -111,3 +111,10 @@
 ## </p>
 ## </desc>
 gen_tunable(user_tcp_server,false)
+
+## <desc>
+## <p>
+## Allow users to manage files on dosfs_t devices, usually removable media
+## </p>
+## </desc>
+gen_tunable(user_manage_dos_files,true)
Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if.orig
+++ policy/modules/system/userdomain.if
@@ -119,6 +119,11 @@
 		allow $1_t self:process execstack;
 	')
 
+	tunable_policy(`user_manage_dos_files',`
+		fs_manage_dos_dirs($1_t)
+		fs_manage_dos_files($1_t)
+	')
+
 	ifdef(`distro_debian', `
 		# allow reading /var/lib/apt/lists
 		apt_read_db($1_t)