From d63e6cf43bfe32d53b371b6920d4c09431647ddd Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 28 Apr 2021 17:09:49 +0200
Subject: [PATCH] cockpit: allow cockpit socket to bind nodes

Looks like this setting is implicit with kerberos enabled.
cockpit.socket fails to start if kerberos_enabled=false
---
 policy/modules/contrib/cockpit.te | 2 ++
 1 file changed, 2 insertions(+)

Index: fedora-policy-20210628/policy/modules/contrib/cockpit.te
===================================================================
--- fedora-policy-20210628.orig/policy/modules/contrib/cockpit.te
+++ fedora-policy-20210628/policy/modules/contrib/cockpit.te
@@ -51,7 +51,9 @@ can_exec(cockpit_ws_t,cockpit_session_ex
 dev_read_urand(cockpit_ws_t) # for authkey
 dev_read_rand(cockpit_ws_t)  # for libssh
 
+# cockpit-ws allows connections on websm port
 corenet_tcp_bind_websm_port(cockpit_ws_t)
+corenet_tcp_bind_generic_node(cockpit_ws_t)
 
 # cockpit-ws can connect to other hosts via ssh
 corenet_tcp_connect_ssh_port(cockpit_ws_t)