From 08dba4d63998eb056a35e6b06ea8addcc914a6728443d88bafc7266a224ea159 Mon Sep 17 00:00:00 2001
From: Johannes Segitz <jsegitz@suse.com>
Date: Wed, 13 Jul 2022 08:54:50 +0000
Subject: [PATCH] Accepting request 988934 from
 home:jsegitz:branches:security:SELinux

- Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for
  systemd_gpt_generator_t (bsc#1200911)

OBS-URL: https://build.opensuse.org/request/show/988934
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=135
---
 fix_systemd.patch      | 9 +++++++++
 selinux-policy.changes | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/fix_systemd.patch b/fix_systemd.patch
index 81eadcc..867f7e0 100644
--- a/fix_systemd.patch
+++ b/fix_systemd.patch
@@ -33,3 +33,12 @@ Index: fedora-policy-20220624/policy/modules/system/systemd.te
  allow systemd_gpt_generator_t self:netlink_kobject_uevent_socket create_socket_perms;
  
  dev_read_sysfs(systemd_gpt_generator_t)
+@@ -1127,6 +1135,8 @@ systemd_unit_file_filetrans(systemd_gpt_
+ systemd_create_unit_file_dirs(systemd_gpt_generator_t)
+ systemd_create_unit_file_lnk(systemd_gpt_generator_t)
+ 
++kernel_dgram_send(systemd_gpt_generator_t)
++
+ optional_policy(`
+ 	udev_read_pid_files(systemd_gpt_generator_t)
+ ')
diff --git a/selinux-policy.changes b/selinux-policy.changes
index 8663b1d..6d8445d 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,8 +1,8 @@
 -------------------------------------------------------------------
 Wed Jul 13 07:48:41 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
 
-- Update fix_systemd.patch to add sys_admin systemd_gpt_generator_t
-  (bsc#1200911)
+- Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for
+  systemd_gpt_generator_t (bsc#1200911)
 
 -------------------------------------------------------------------
 Mon Jul 11 13:45:04 UTC 2022 - Johannes Segitz <jsegitz@suse.com>