From bf1751a3a139dfb05160330d04f68d4ab89a80f4 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Tue, 21 Jun 2022 17:45:28 +0200
Subject: [PATCH] Allow dhclient manage pid files used by chronyd

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/bf1751a3a139dfb05160330d04f68d4ab89a80f4
Conflict: NA

The chronyd_manage_pid_files() interface was added.

Resolves: rhbz#2093709
Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/chronyd.if   | 19 +++++++++++++++++++
 policy/modules/system/sysnetwork.te |  1 +
 2 files changed, 20 insertions(+)

diff --git a/policy/modules/contrib/chronyd.if b/policy/modules/contrib/chronyd.if
index cad4d31..d2f5504 100644
--- a/policy/modules/contrib/chronyd.if
+++ b/policy/modules/contrib/chronyd.if
@@ -236,6 +236,25 @@ interface(`chronyd_manage_pid',`
 	manage_dirs_pattern($1, chronyd_var_run_t, chronyd_var_run_t)
 ')
 
+########################################
+## <summary>
+##	Manage pid files used by chronyd
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`chronyd_manage_pid_files',`
+	gen_require(`
+		type chronyd_var_run_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, chronyd_var_run_t, chronyd_var_run_t)
+')
+
 ######################################
 ## <summary>
 ##      Create objects in /var/run
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 1bb35d1..41b851f 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -201,6 +201,7 @@ optional_policy(`
 	chronyd_systemctl(dhcpc_t)
 	chronyd_domtrans(dhcpc_t)
 	chronyd_domtrans_chronyc(dhcpc_t)
+	chronyd_manage_pid_files(dhcpc_t)
 	chronyd_read_keys(dhcpc_t)
 ')

-- 
1.8.3.1