fapolicyd/selinux-backport.patch

diff -up ./fapolicyd-selinux-0.4/fapolicyd.if.backport ./fapolicyd-selinux-0.4/fapolicyd.if
--- ./fapolicyd-selinux-0.4/fapolicyd.if.backport	2021-03-23 10:21:31.000000000 +0100
+++ ./fapolicyd-selinux-0.4/fapolicyd.if	2021-07-20 17:38:51.266053356 +0200
@@ -2,6 +2,122 @@
 
 ########################################
 ## <summary>
+##	Watch_mount directories in /boot.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_mount_boot_dirs',`
+    interface(`files_watch_mount_boot_dirs',`
+        gen_require(`
+            type boot_t;
+	    ')
+
+	        allow $1 boot_t:dir watch_mount_dir_perms;
+    ')
+')
+
+
+########################################
+## <summary>
+##	Watch_mount home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_mount_home',`
+    interface(`files_watch_mount_home',`
+        gen_require(`
+            type home_root_t;
+	    ')
+
+	    allow $1 home_root_t:dir watch_mount_dir_perms;
+    ')
+')
+
+
+########################################
+## <summary>
+##	Watch_with_perm home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_with_perm_home',`
+interface(`files_watch_with_perm_home',`
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir watch_with_perm_dir_perms;
+')
+')
+
+
+########################################
+## <summary>
+##	Watch_mount dirs on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`fs_watch_mount_dos_dirs',`
+interface(`fs_watch_mount_dos_dirs',`
+	gen_require(`
+		type dosfs_t;
+	')
+
+	watch_mount_dirs_pattern($1, dosfs_t, dosfs_t)
+')
+')
+
+
+
+########################################
+## <summary>
+##	Watch_with_perm dirs on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`fs_watch_with_perm_dos_dirs',`
+interface(`fs_watch_with_perm_dos_dirs',`
+	gen_require(`
+		type dosfs_t;
+	')
+
+	watch_with_perm_dirs_pattern($1, dosfs_t, dosfs_t)
+')
+')
+
+
+###################################################################################################
+
+
+
+
+########################################
+## <summary>
 ##	Execute fapolicyd_exec_t in the fapolicyd domain.
 ## </summary>
 ## <param name="domain">
diff -up ./fapolicyd-selinux-0.4/fapolicyd.te.backport ./fapolicyd-selinux-0.4/fapolicyd.te
--- ./fapolicyd-selinux-0.4/fapolicyd.te.backport	2021-07-20 17:31:12.161166538 +0200
+++ ./fapolicyd-selinux-0.4/fapolicyd.te	2021-07-20 17:31:12.162166524 +0200
@@ -1,5 +1,6 @@
 policy_module(fapolicyd, 1.0.0)
 
+
 ########################################
 #
 # Declarations
RHEL 9 BETA - SELinux prevents fapolicyd from watch_mount/watch_with_perm on /dev/shm Resolves: rhbz#1932225 Resolves: rhbz#1977731 Signed-off-by: Radovan Sroka <rsroka@redhat.com> 2021-07-21 12:43:14 +00:00			`diff -up ./fapolicyd-selinux-0.4/fapolicyd.if.backport ./fapolicyd-selinux-0.4/fapolicyd.if`
			`--- ./fapolicyd-selinux-0.4/fapolicyd.if.backport 2021-03-23 10:21:31.000000000 +0100`
			`+++ ./fapolicyd-selinux-0.4/fapolicyd.if 2021-07-20 17:38:51.266053356 +0200`
			`@@ -2,6 +2,122 @@`

			`########################################`
			`## <summary>`
			`+## Watch_mount directories in /boot.`
			`+## </summary>`
			`+## <param name="domain">`
			`+## <summary>`
			`+## Domain allowed access.`
			`+## </summary>`
			`+## </param>`
			`+#`
			`+`
			+ifndef(`files_watch_mount_boot_dirs',`
			+ interface(`files_watch_mount_boot_dirs',`
			+ gen_require(`
			`+ type boot_t;`
			`+ ')`
			`+`
			`+ allow $1 boot_t:dir watch_mount_dir_perms;`
			`+ ')`
			`+')`
			`+`
			`+`
			`+########################################`
			`+## <summary>`
			`+## Watch_mount home directories.`
			`+## </summary>`
			`+## <param name="domain">`
			`+## <summary>`
			`+## Domain allowed access.`
			`+## </summary>`
			`+## </param>`
			`+#`
			`+`
			+ifndef(`files_watch_mount_home',`
			+ interface(`files_watch_mount_home',`
			+ gen_require(`
			`+ type home_root_t;`
			`+ ')`
			`+`
			`+ allow $1 home_root_t:dir watch_mount_dir_perms;`
			`+ ')`
			`+')`
			`+`
			`+`
			`+########################################`
			`+## <summary>`
			`+## Watch_with_perm home directories.`
			`+## </summary>`
			`+## <param name="domain">`
			`+## <summary>`
			`+## Domain allowed access.`
			`+## </summary>`
			`+## </param>`
			`+#`
			`+`
			+ifndef(`files_watch_with_perm_home',`
			+interface(`files_watch_with_perm_home',`
			+ gen_require(`
			`+ type home_root_t;`
			`+ ')`
			`+`
			`+ allow $1 home_root_t:dir watch_with_perm_dir_perms;`
			`+')`
			`+')`
			`+`
			`+`
			`+########################################`
			`+## <summary>`
			`+## Watch_mount dirs on a DOS filesystem.`
			`+## </summary>`
			`+## <param name="domain">`
			`+## <summary>`
			`+## Domain allowed access.`
			`+## </summary>`
			`+## </param>`
			`+#`
			`+`
			+ifndef(`fs_watch_mount_dos_dirs',`
			+interface(`fs_watch_mount_dos_dirs',`
			+ gen_require(`
			`+ type dosfs_t;`
			`+ ')`
			`+`
			`+ watch_mount_dirs_pattern($1, dosfs_t, dosfs_t)`
			`+')`
			`+')`
			`+`
			`+`
			`+`
			`+########################################`
			`+## <summary>`
			`+## Watch_with_perm dirs on a DOS filesystem.`
			`+## </summary>`
			`+## <param name="domain">`
			`+## <summary>`
			`+## Domain allowed access.`
			`+## </summary>`
			`+## </param>`
			`+#`
			`+`
			+ifndef(`fs_watch_with_perm_dos_dirs',`
			+interface(`fs_watch_with_perm_dos_dirs',`
			+ gen_require(`
			`+ type dosfs_t;`
			`+ ')`
			`+`
			`+ watch_with_perm_dirs_pattern($1, dosfs_t, dosfs_t)`
			`+')`
			`+')`
			`+`
			`+`
			`+###################################################################################################`
			`+`
			`+`
			`+`
			`+`
			`+########################################`
			`+## <summary>`
			`## Execute fapolicyd_exec_t in the fapolicyd domain.`
			`## </summary>`
			`## <param name="domain">`
			`diff -up ./fapolicyd-selinux-0.4/fapolicyd.te.backport ./fapolicyd-selinux-0.4/fapolicyd.te`
			`--- ./fapolicyd-selinux-0.4/fapolicyd.te.backport 2021-07-20 17:31:12.161166538 +0200`
			`+++ ./fapolicyd-selinux-0.4/fapolicyd.te 2021-07-20 17:31:12.162166524 +0200`
			`@@ -1,5 +1,6 @@`
			`policy_module(fapolicyd, 1.0.0)`

			`+`
			`########################################`
			`#`
			`# Declarations`