From e237958d348766aac7f83414ed7af2ab44f8efca Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Sat, 30 May 2020 10:56:41 +0800
Subject: [PATCH] add allow passwd to write sssd var lib

Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
 policy/modules/admin/usermanage.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 1977309..426bae8 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -391,6 +391,9 @@ logging_send_syslog_msg(passwd_t)
 seutil_read_config(passwd_t)
 seutil_read_file_contexts(passwd_t)
 
+sssd_var_lib_map_file(passwd_t)
+sssd_var_lib_write_file(passwd_t)
+
 userdom_use_inherited_user_terminals(passwd_t)
 userdom_use_unpriv_users_fds(passwd_t)
 # make sure that getcon succeeds
-- 
1.8.3.1