From 7f0081eae11983105880406b38560026c509b007 Mon Sep 17 00:00:00 2001
From: Davide Cavalca
Date: Jul 21 2021 23:38:56 +0000
Subject: Add missing SELinux rules for 248
---
diff --git a/SOURCES/systemd_hs.te b/SOURCES/systemd_hs.te
index 577a0a3..d797e0f 100644
--- a/SOURCES/systemd_hs.te
+++ b/SOURCES/systemd_hs.te
@@ -3,6 +3,7 @@ policy_module(systemd_hs,0.0.1)
 # systemd overrides for 247
 gen_require(`
 type avahi_t;
+ type cgroup_t;
 type init_t;
 type init_var_run_t;
 type kmsg_device_t;
@@ -18,7 +19,9 @@ gen_require(`
 type systemd_resolved_t;
 type systemd_tmpfiles_t;
 type security_t;
+ type sssd_t;
 type syslogd_t;
+ type udev_var_run_t;
 type user_tmp_t;
 type xdm_t;
 ')
@@ -30,12 +33,19 @@ allow init_t systemd_machined_t:unix_stream_socket connectto;
 allow policykit_auth_t init_var_run_t:dir read;
 allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto;
 allow policykit_t systemd_machined_t:unix_stream_socket connectto;
+allow sssd_t cgroup_t:filesystem getattr;
 allow syslogd_t user_tmp_t:lnk_file read;
 allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto;
-allow systemd_logind_t self:netlink_selinux_socket create;
+allow systemd_hostnamed_t udev_var_run_t:file getattr;
+allow systemd_hostnamed_t udev_var_run_t:file open;
+allow systemd_hostnamed_t udev_var_run_t:file read;
 allow systemd_logind_t self:netlink_selinux_socket bind;
+allow systemd_logind_t self:netlink_selinux_socket create;
 allow systemd_logind_t systemd_machined_t:unix_stream_socket connectto;
+allow systemd_logind_t user_tmp_t:chr_file unlink;
 allow systemd_machined_t init_var_run_t:sock_file create;
+allow sssd_t cgroup_t:dir search;
+allow sssd_t cgroup_t:filesystem getattr;
 allow xdm_t systemd_machined_t:unix_stream_socket connectto;
 selinux_use_status_page(init_t)
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index de73aae..ccbb2fb 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
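Review bot: In the third hunk of SOURCES/systemd_hs.te, `allow sssd_t cgroup_t:filesystem getattr;` is added twice, once after the policykit_t rule and again after `allow sssd_t cgroup_t:dir search;` near the end of the list. The second copy should compile to the same policy, but it obscures what was actually granted; drop it and move `allow sssd_t cgroup_t:dir search;` up beside the first copy so the list stays sorted by source domain. `allow systemd_logind_t user_tmp_t:chr_file unlink;` lets logind remove any character-device node labelled user_tmp_t, so it deserves a comment recording the denial it answers, for example `# AVC: systemd-logind unlink of user_tmp_t chr_file (package-bugs issue 1)`. The three systemd_hostnamed_t rules read more easily as `allow systemd_hostnamed_t udev_var_run_t:file { getattr open read };`. The gen_require entry for systemd_hostnamed_t falls outside the visible hunks, so confirm it is declared there.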
@@ -26,7 +26,7 @@
 Name: systemd
 Url: https://www.freedesktop.org/wiki/Software/systemd
 Version: 248.5
-Release: 1.1%{?dist}
+Release: 1.2%{?dist}
 # For a breakdown of the licensing, see README
 License: LGPLv2+ and MIT and GPLv2+
 Summary: System and Service Manager
@@ -962,6 +962,10 @@ fi
 %endif
 %changelog
+* Wed Jul 21 2021 Davide Cavalca - 248.5-1.2
+- Add missing SELinux rules for 248
+ (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/1)
+
 * Wed Jul 21 2021 Anita Zhang - 248.5-1.1
 - Update to systemd-stable 248.5 (includes fix for CVE-2021-33910)