From 9935be1702ce951d1582e80ae8d747183ed34a5e Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 8 Apr 2022 14:02:48 +0200
Subject: [PATCH] Allow system dbus daemon watch generic directories in
 /var/lib

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/9935be1702ce951d1582e80ae8d747183ed34a5e
Conflict: NA

Resolves: rhbz#1928365
Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/dbus.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
index 76fb3b6..ced5149 100644
--- a/policy/modules/contrib/dbus.te
+++ b/policy/modules/contrib/dbus.te
@@ -107,6 +107,7 @@ dev_rw_inherited_dri(system_dbusd_t)
 files_read_var_lib_symlinks(system_dbusd_t)
 files_rw_inherited_non_security_files(system_dbusd_t)
 files_watch_usr_dirs(system_dbusd_t)
+files_watch_var_lib_dirs(system_dbusd_t)
 
 fs_getattr_all_fs(system_dbusd_t)
 fs_search_auto_mountpoints(system_dbusd_t)
-- 
1.8.3.1