From 5e9918310dccf6d6dd1da52c19ce2a2927d0a96e Mon Sep 17 00:00:00 2001
From: Richard Filo <rfilo@redhat.com>
Date: Mon, 24 Aug 2020 10:55:10 +0200
Reference: https://github.com/fedora-selinux/selinux-policy/commit/5e9918310dccf6d6dd1da52c19ce2a2927d0a96e
Conflict: NA
Subject: [PATCH] Allow all users to connect to systemd-userdbd with a unix
 socket

Add interface systemd_userdbd_stream_connect() to allow communication using userdb sockets.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1835630
---
 policy/modules/system/userdomain.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 89b4867..756ac4a 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -209,6 +209,10 @@ optional_policy(`
 	xserver_filetrans_home_content(userdomain)
 ')
 
+optional_policy(`
+	systemd_userdbd_stream_connect(userdomain)
+')
+
 # rules for types which can read home certs
 allow userdom_home_reader_certs_type home_cert_t:dir list_dir_perms;
 read_files_pattern(userdom_home_reader_certs_type, home_cert_t, home_cert_t)
-- 
1.8.3.1