selinux-policy/backport-Allow-gssproxy-read-write-and-map-ica-tmpfs-files.patch

From dc1a9f92b95e7adb963383681b8cab44f1e2a044 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 10 Jan 2022 17:25:03 +0100
Subject: [PATCH] Allow gssproxy read, write, and map ica tmpfs files

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/dc1a9f92b95e7adb963383681b8cab44f1e2a044
Conflict: NA

These permissions are necessary for domains working
with the ICA crypto accelerator.

Resolves: rhbz#2026974
Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/gssproxy.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/contrib/gssproxy.te b/policy/modules/contrib/gssproxy.te
index 872079f..f48457c 100644
--- a/policy/modules/contrib/gssproxy.te
+++ b/policy/modules/contrib/gssproxy.te
@@ -68,6 +68,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	ica_rw_map_tmpfs_files(gssproxy_t)
+')
+
+optional_policy(`
     ipa_read_lib(gssproxy_t)
 ')
 
-- 
1.8.3.1