On 06/05/2017 02:09 PM, Walter H. wrote:

I did it this way:  stored the following to   e.g. bugfix.tt

module systemd_vnc_bugfix 1.0.0;

require {
        type user_home_t;
        type init_t;
        class file { open read unlink };
}

#============= init_t ==============
allow init_t user_home_t:file { open read unlink };

This looks like the file that is labeled user_home_t is mislabeled.  This indicates a file stored in your homedir.

I don't think systemd is open/read/unlink files in homedir.