--- /root/public_html/policy/nsa/file_contexts/program/mysqld.fc 2004-08-22 16:20:06.000000000 +0300
+++ /etc/security/selinux/src/policy/file_contexts/program/mysqld.fc 2004-10-05 04:36:41.722539464 +0300
@@ -3,7 +3,7 @@
/usr/libexec/mysqld -- system_u:object_r:mysqld_exec_t
/var/run/mysqld(/.*)? system_u:object_r:mysqld_var_run_t
/var/log/mysql.* -- system_u:object_r:mysqld_log_t
-/var/lib/mysql(/.*)? system_u:object_r:mysqld_db_t
+/var/lib(64)?/mysql(/.*)? system_u:object_r:mysqld_db_t
/var/lib/mysql/mysql.sock -s system_u:object_r:mysqld_var_run_t
/etc/my\.cnf -- system_u:object_r:mysqld_etc_t
/etc/mysql(/.*)? system_u:object_r:mysqld_etc_t
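Review bot: The socket entry two lines below the changed pattern still matches only `/var/lib/mysql/mysql.sock`, so where the database directory is `/var/lib64/mysql` a relabel would give the socket `mysqld_db_t` from the widened directory pattern instead of `mysqld_var_run_t`. Clients permitted to connect through `mysqld_var_run_t` would then be denied, and the tempting workaround of granting them access to `mysqld_db_t` is broader than intended. I would widen the socket line the same way and escape the dot, as the `my\.cnf` entry already does: `/var/lib(64)?/mysql/mysql\.sock -s system_u:object_r:mysqld_var_run_t`. Whether the socket actually lives under lib64 on the target distribution is not visible in this hunk, so please confirm.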
--- /root/public_html/policy/nsa/domains/program/unused/mysqld.te 2004-08-30 23:35:32.000000000 +0300
+++ /etc/security/selinux/src/policy/domains/program/mysqld.te 2004-10-05 04:46:34.766383096 +0300
@@ -57,10 +57,6 @@
can_unix_connect(sysadm_t, mysqld_t)
-# for /root/.my.cnf - should not be needed
-allow mysqld_t sysadm_home_dir_t:dir search;
-allow mysqld_t sysadm_home_t:file { read getattr };
-
ifdef(`logrotate.te', `
r_dir_file(logrotate_t, mysqld_etc_t)
allow logrotate_t mysqld_db_t:dir search;
@@ -80,3 +76,20 @@
# because Fedora has the sock_file in the database directory
file_type_auto_trans(mysqld_t, mysqld_db_t, mysqld_var_run_t, sock_file)
')
+
+ifdef(`distro_gentoo', `
+# temporary tables (#sql prefix)
+tmp_domain(mysqld)
+
+# if controled by daemontools
+ifdef(`daemontools.te', `
+domain_auto_trans( svc_run_t, mysqld_exec_t, mysqld_t)
+allow svc_start_t mysqld_t:process signal;
+svc_ipc_domain(mysqld_t)
+')dnl end ifdef daemontools
+',`
+# for /root/.my.cnf - should not be needed
+allow mysqld_t sysadm_home_dir_t:dir search;
+allow mysqld_t sysadm_home_t:file { read getattr };
+')dnl end ifdef distro_gentoo
+
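Review bot: The else branch of the new `distro_gentoo` block keeps the two `allow` rules for `/root/.my.cnf` on every non-Gentoo build, even though their own comment says they should not be needed. `sysadm_home_t` presumably labels far more of the administrator's home than that one file, so the daemon domain keeps read access to all of it. If the access only occurs because mysqld probes for the file at start-up, silencing it would be tighter than allowing it: `dontaudit mysqld_t sysadm_home_dir_t:dir search;` and `dontaudit mysqld_t sysadm_home_t:file { read getattr };`. Separately, the daemontools comment has a typo (`controled` should be `controlled`), and since the `daemontools.te` rules sit inside the Gentoo branch, a short comment saying why other distributions do not need them would help.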