Accepting request 988934 from home:jsegitz:branches:security:SELinux

- Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for
  systemd_gpt_generator_t (bsc#1200911)

OBS-URL: https://build.opensuse.org/request/show/988934
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=135

fix_systemd.patch

@@ -33,3 +33,12 @@ Index: fedora-policy-20220624/policy/modules/system/systemd.te
  allow systemd_gpt_generator_t self:netlink_kobject_uevent_socket create_socket_perms;
  
  dev_read_sysfs(systemd_gpt_generator_t)
+@@ -1127,6 +1135,8 @@ systemd_unit_file_filetrans(systemd_gpt_
+ systemd_create_unit_file_dirs(systemd_gpt_generator_t)
+ systemd_create_unit_file_lnk(systemd_gpt_generator_t)
+ 
++kernel_dgram_send(systemd_gpt_generator_t)
++
+ optional_policy(`
+ 	udev_read_pid_files(systemd_gpt_generator_t)
+ ')

selinux-policy.changes

@@ -1,8 +1,8 @@
 -------------------------------------------------------------------
 Wed Jul 13 07:48:41 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
 
-- Update fix_systemd.patch to add sys_admin systemd_gpt_generator_t
-  (bsc#1200911)
+- Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for
+  systemd_gpt_generator_t (bsc#1200911)
 
 -------------------------------------------------------------------
 Mon Jul 11 13:45:04 UTC 2022 - Johannes Segitz <jsegitz@suse.com>