readjust according to Zdeněk

policy/modules/contrib/sandboxX.te

@@ -57,7 +57,6 @@ manage_files_pattern(sandbox_xserver_t, sandbox_file_t, sandbox_file_t)
 manage_sock_files_pattern(sandbox_xserver_t, sandbox_file_t, sandbox_file_t)
 allow sandbox_xserver_t sandbox_file_t:file map;
 allow sandbox_xserver_t sandbox_file_t:sock_file create_sock_file_perms;
-allow sandbox_xserver_t sandbox_xserver_tmpfs_t:file map;
 
 manage_dirs_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
 manage_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
@@ -66,10 +65,10 @@ manage_fifo_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xs
 manage_sock_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
 fs_tmpfs_filetrans(sandbox_xserver_t, sandbox_xserver_tmpfs_t, { dir file lnk_file sock_file fifo_file })
 
-fs_getattr_xattr_fs(sandbox_xserver_t)
-kernel_read_device_sysctls(sandbox_xserver_t)
+allow sandbox_xserver_t sandbox_xserver_tmpfs_t:file map;
 
 kernel_dontaudit_request_load_module(sandbox_xserver_t)
+kernel_read_device_sysctls(sandbox_xserver_t)
 kernel_read_system_state(sandbox_xserver_t)
 
 corecmd_exec_bin(sandbox_xserver_t)
@@ -97,6 +96,7 @@ domain_use_interactive_fds(sandbox_xserver_t)
 files_read_config_files(sandbox_xserver_t)
 files_search_home(sandbox_xserver_t)
 fs_dontaudit_rw_tmpfs_files(sandbox_xserver_t)
+fs_getattr_xattr_fs(sandbox_xserver_t)
 fs_search_auto_mountpoints(sandbox_xserver_t)
 
 miscfiles_read_fonts(sandbox_xserver_t)