From 8e315d5910bb45f2f084d43a2a0d2c5685845b8a Mon Sep 17 00:00:00 2001
From: Davide Cavalca
Date: Jul 27 2021 16:07:11 +0000
Subject: Add missing SELinux rules for the GNOME and KDE LiveDVD spins
---
diff --git a/SOURCES/systemd_hs.te b/SOURCES/systemd_hs.te
index d797e0f..ce80487 100644
--- a/SOURCES/systemd_hs.te
+++ b/SOURCES/systemd_hs.te
@@ -6,12 +6,16 @@ gen_require(`
 type cgroup_t;
 type init_t;
 type init_var_run_t;
+ type initrc_t;
+ class dbus send_msg;
+ type install_t;
 type kmsg_device_t;
 type policykit_auth_t;
 type policykit_t;
 type proc_kmsg_t;
 type rpm_t;
 type system_dbusd_t;
+ type system_dbusd_var_run_t;
 type systemd_hostnamed_t;
 type systemd_localed_t;
 type systemd_logind_t;
@@ -23,12 +27,14 @@ gen_require(`
 type syslogd_t;
 type udev_var_run_t;
 type user_tmp_t;
+ type useradd_t;
 type xdm_t;
 ')
 allow avahi_t init_var_run_t:dir read;
 allow init_t kmsg_device_t:chr_file mounton;
 allow init_t proc_kmsg_t:file { getattr mounton };
+allow init_t system_dbusd_var_run_t:sock_file read;
 allow init_t systemd_machined_t:unix_stream_socket connectto;
 allow policykit_auth_t init_var_run_t:dir read;
 allow policykit_auth_t systemd_machined_t:unix_stream_socket connectto;
@@ -36,6 +42,10 @@ allow policykit_t systemd_machined_t:unix_stream_socket connectto;
 allow sssd_t cgroup_t:filesystem getattr;
 allow syslogd_t user_tmp_t:lnk_file read;
 allow system_dbusd_t systemd_machined_t:unix_stream_socket connectto;
+allow systemd_hostnamed_t init_var_run_t:dir write;
+allow systemd_hostnamed_t init_var_run_t:file { getattr ioctl open read };
+allow systemd_hostnamed_t initrc_t:dbus send_msg;
+allow systemd_hostnamed_t install_t:dbus send_msg;
 allow systemd_hostnamed_t udev_var_run_t:file getattr;
 allow systemd_hostnamed_t udev_var_run_t:file open;
 allow systemd_hostnamed_t udev_var_run_t:file read;
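Review bot: The new `allow init_t system_dbusd_var_run_t:sock_file read;` in the `@@ -23,12 +27,14 @@` hunk has no comment saying which denial it answers or that it exists for the live images. Nothing visible in this module makes the rule conditional on a LiveDVD boot, so it is presumably granted to init_t wherever the package's policy is loaded. The same applies to `allow useradd_t init_var_run_t:dir read;` in the `@@ -46,6 +56,7 @@` hunk. I would put a line above each, for example `# LiveDVD spins (GNOME/KDE): AVC at boot, see package-bugs issue 7`, so a later audit can tell these apart from the rules added for 248 and drop them once the base policy covers them.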
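Review bot: `allow systemd_hostnamed_t init_var_run_t:dir write;` in the `@@ -36,6 +42,10 @@` hunk grants write on the init runtime directory type, but none of the visible rules adds `add_name` or `remove_name` on that dir or `create`/`write` on its files. On its own the permission therefore probably does not let hostnamed create or change anything there. That shape usually comes from allowing only the first denial logged in enforcing mode, so the rule may be both wider than intended and still insufficient. The file rule beside it is read-only (`{ getattr ioctl open read }`), which suggests read access is what hostnamed actually needs. It would be worth checking the AVC records behind issue 7 and either dropping `write` or granting the exact set the operation requires, with a comment naming that operation.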
@@ -46,6 +56,7 @@ allow systemd_logind_t user_tmp_t:chr_file unlink; allow systemd_machined_t init_var_run_t:sock_file create; allow sssd_t cgroup_t:dir search; allow sssd_t cgroup_t:filesystem getattr; +allow useradd_t init_var_run_t:dir read; allow xdm_t systemd_machined_t:unix_stream_socket connectto; selinux_use_status_page(init_t) diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index ccbb2fb..d991a61 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -26,7 +26,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 248.5 -Release: 1.2%{?dist} +Release: 1.3%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -962,6 +962,10 @@ fi %endif %changelog +* Tue Jul 27 2021 Davide Cavalca - 248.5-1.3 +- Add missing SELinux rules for the GNOME and KDE LiveDVD spins + (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/7) + * Wed Jul 21 2021 Davide Cavalca - 248.5-1.2 - Add missing SELinux rules for 248 (https://pagure.io/centos-sig-hyperscale/package-bugs/issue/1)