diff -ru default/domains/program/games.te current/domains/program/games.te
--- default/domains/program/games.te 2003-05-15 05:22:15.000000000 +0200
+++ current/domains/program/games.te 2003-05-24 13:32:04.000000000 +0200
@@ -2,6 +2,8 @@
 #
 # Author: Russell Coker
 #
+# Changes by Tom Vogt
+#
 # type for shared data from games
 type games_data_t, file_type, sysadmfile;
@@ -14,3 +16,28 @@
 # Everything else is in the x_client_domain macro in
 # macros/program/x_client_macros.te.
+
+# games_t also used for games installed on the system, run by the user,
+# so holes in them won't compromise the user session
+allow user_t games_data_t:file r_file_perms;
+allow user_t games_data_t:dir r_dir_perms;
+
+# Game data stored in user home dirs
+type games_usrdata_t, file_type, sysadmfile;
+allow user_games_t user_home_t:dir { search };
+file_type_auto_trans(user_games_t, user_home_t, games_usrdata_t);
+#
+# Allow users to read and write these files
+# If we want to prevent cheating, we could take away the write
+# permissions. :)
+allow user_t games_usrdata_t:file create_file_perms;
+allow user_t games_usrdata_t:dir create_dir_perms;
+
+# Various access attempts to devices. Many games work just fine without,
+# but if yours doesn't, try to comment these out and look for which ones
+# it needs:
+dontaudit user_games_t device_t:chr_file { getattr };
+dontaudit user_games_t fixed_disk_device_t:blk_file { getattr };
+dontaudit user_games_t removable_device_t:blk_file { getattr };
+dontaudit user_games_t removable_device_t:lnk_file { read };
+
diff -ru default/file_contexts/program/games.fc current/file_contexts/program/games.fc
--- default/file_contexts/program/games.fc 2003-05-15 05:22:15.000000000 +0200
+++ current/file_contexts/program/games.fc 2003-05-24 13:32:12.000000000 +0200
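Review bot: The isolation promised by the comment `# so holes in them won't compromise the user session` is weaker than stated: `file_type_auto_trans(user_games_t, user_home_t, games_usrdata_t)` lets a compromised game create new, arbitrarily named files in any user_home_t directory (assuming the macro expands with dir write permissions as it does elsewhere in this policy), and the added `allow user_t games_usrdata_t:file create_file_perms;` means the user's own domain will then read whatever the game planted — e.g. a not-yet-existing dotfile under $HOME that the shell or X session picks up on next login. Consider letting the game create content only under a directory the user has already labelled games_usrdata_t — `allow user_games_t games_usrdata_t:dir create_dir_perms;` and `allow user_games_t games_usrdata_t:file create_file_perms;` in place of the auto-transition from user_home_t — so user_games_t cannot introduce new names into $HOME itself. If the auto-transition is kept, the comment should state the real boundary, e.g. `# NOTE: user_games_t may still create new (games_usrdata_t) files anywhere under user_home_t, and user_t reads them`. The explicit `allow user_games_t user_home_t:dir { search };` is presumably already covered by the dir permissions file_type_auto_trans grants — verify against the macro definition before keeping both.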
@@ -1,5 +1,15 @@
-# netscape/mozilla
-/usr/games/.* system_u:object_r:games_exec_t
+# games installed on the system
+# Most games installed in /usr/local/games don't follow FHS conventions and
+# drop the binaries in with the data - therefore, you must relabel the
+# binaries to system_u:object_r:games_exec_t manually!
+/usr/games(/.*)? system_u:object_r:games_data_t
+/usr/local/games(/.*)? system_u:object_r:games_data_t
 /usr/lib/games/.* -- system_u:object_r:games_exec_t
 /var/games(/.*)? system_u:object_r:games_data_t
 /usr/bin/micq system_u:object_r:games_exec_t
+#
+# Some examples
+# Majesty (Fantasy RTS)
+/usr/local/games/majesty/majesty system_u:object_r:games_exec_t
+/usr/local/games/majesty/majx system_u:object_r:games_exec_t
+/usr/local/games/majesty/netmodules/libtcp_ip.so system_u:object_r:games_exec_t
diff -ru default/file_contexts/types.fc current/file_contexts/types.fc
--- default/file_contexts/types.fc 2003-05-15 05:22:15.000000000 +0200
+++ current/file_contexts/types.fc 2003-05-24 12:46:13.000000000 +0200
@@ -229,7 +229,7 @@
 /usr/lib/gconv/.*\.so system_u:object_r:shlib_t
 /usr/share/guile/g-wrapped/.*\.so system_u:object_r:shlib_t
 /usr/share/selinux(/.*)? system_u:object_r:policy_src_t
-/usr/games(/.*)? system_u:object_r:bin_t
+#/usr/games(/.*)? system_u:object_r:bin_t
 #
 # /usr/.*glibc.*-linux/lib
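Review bot: The new blanket `/usr/games(/.*)? system_u:object_r:games_data_t` also covers the binaries FHS places directly in /usr/games, which the removed `/usr/games/.* system_u:object_r:games_exec_t` line used to label as executables; together with the games.te change giving user_t only r_file_perms on games_data_t and the types.fc hunk that drops bin_t for /usr/games, distribution-packaged games stop being executable from user_t (and never transition to user_games_t) until hand-relabelled, unless user_t is granted execute on games_data_t somewhere not shown here. The comment only warns about /usr/local/games, so the /usr/games regression is undocumented. Consider keeping a files-only exec label for the top-level entries, `/usr/games/[^/]+ -- system_u:object_r:games_exec_t`, placed so it takes precedence over the data rule (confirm setfiles' match ordering for this policy version by relabelling a test tree). The Majesty example also labels `netmodules/libtcp_ip.so` as games_exec_t; a shared object is not an entry point, so a one-line comment saying why the library needs that type (presumably so user_games_t may map it executable) would save the next reader a guess.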