From 93ebed86ac7e50c94d8a85192cdcc7b738b412aa Mon Sep 17 00:00:00 2001
From: jinlun
Date: Thu, 8 Jun 2023 11:24:39 +0800
Subject: [PATCH] allow init_t create fifo file in net_conf dir.
(cherry picked from commit f1c44428051007fc1febc84a62a2bb089b434e8b)
---
 ...t_t-create-fifo-file-in-net_conf-dir.patch | 25 +++++++++++++++++++
 selinux-policy.spec | 6 ++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 allow-init_t-create-fifo-file-in-net_conf-dir.patch
diff --git a/allow-init_t-create-fifo-file-in-net_conf-dir.patch b/allow-init_t-create-fifo-file-in-net_conf-dir.patch
new file mode 100644
index 0000000..89a9896
--- /dev/null
+++ b/allow-init_t-create-fifo-file-in-net_conf-dir.patch
@@ -0,0 +1,25 @@
+From b00033d4825cfc3ae9787c94ffa7e5408acf9a4b Mon Sep 17 00:00:00 2001
+From: Huaxin Lu
+Date: Sun, 29 Jan 2023 00:36:01 +0800
+Subject: [PATCH] allow init_t create fifo file in net_conf dir
+
+Signed-off-by: Huaxin Lu
+---
+ policy/modules/system/init.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
+index 8b84aa1..15b57a7 100644
+--- a/policy/modules/system/init.te
++++ b/policy/modules/system/init.te
+@@ -872,6 +872,7 @@ optional_policy(`
+
+ optional_policy(`
+ sysnet_filetrans_cloud_net_conf(init_t)
++ manage_fifo_files_pattern(init_t, net_conf_t, net_conf_t)
+ ')
+
+ optional_policy(`
+--
+2.33.0
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index f0f1fda..bf56037 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 35.5
-Release: 17
+Release: 18
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/
 
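Review bot: The added `manage_fifo_files_pattern(init_t, net_conf_t, net_conf_t)` line in init.te grants init_t more than the "create" named in the commit title: in the reference-policy macro set the manage pattern also covers rename, link, unlink and setattr on net_conf_t FIFOs, plus add/remove-entry rights on net_conf_t directories. If the denial being fixed is only creation and use of the FIFO, `create_fifo_files_pattern(init_t, net_conf_t, net_conf_t)` together with `rw_fifo_files_pattern(init_t, net_conf_t, net_conf_t)` would keep init_t closer to least privilege, and a comment such as `# <service> creates a FIFO under a net_conf_t directory (AVC: <denial>)` would record why the rule exists. The rule also names net_conf_t directly, whereas the neighbouring `sysnet_filetrans_cloud_net_conf(init_t)` line goes through a sysnet_ interface; whether init.te already requires that type is not visible in this hunk, so a sysnetwork interface may be the safer form. The optional_policy block that receives the rule opens and closes inside the hunk.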
@@ -200,6 +200,7 @@ Patch9002: Add-permission-open-to-files_read_inherited_tmp_file.patch Patch9003: allow-httpd-to-put-files-in-httpd-config-dir.patch Patch9004: allow-map-postfix_master_t.patch Patch9005: add-rule-for-hostnamed-to-rpmscript-dbus-chat.patch +Patch9006: allow-init_t-create-fifo-file-in-net_conf-dir.patch BuildArch: noarch BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc @@ -868,6 +869,9 @@ exit 0 %endif %changelog +* Thu Jun 08 2023 jinlun - 35.5-18 +- allow init_t create fifo file in net_conf dir. + * Thu Mar 23 2023 wangjiang - 35.5-17 - backport patch Allow virt_domain read device sysctls Allow icecast rename its log files -- Gitee