From Debian package 0.2.20100524-8

  * Allow user domains to execute mysqld_exec_t, for KDE

Index: policy/modules/services/mysql.if
===================================================================
--- policy/modules/services/mysql.if.orig
+++ policy/modules/services/mysql.if
@@ -353,3 +353,23 @@
 
 	admin_pattern($1, mysqld_tmp_t)
 ')
+
+########################################
+## <summary>
+##	Execute mysqld in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`mysqld_exec',`
+	gen_require(`
+		type mysqld_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, mysqld_exec_t)
+')
Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if.orig
+++ policy/modules/system/userdomain.if
@@ -1027,6 +1027,10 @@
 	optional_policy(`
 		setroubleshoot_stream_connect($1_t)
 	')
+
+	optional_policy(`
+		mysqld_exec($1_t)
+	')
 ')
 
 #######################################