From 7782210333c3296b68f954b46284024701ec79e4 Mon Sep 17 00:00:00 2001
From: imxcc <xingchaochao@huawei.com>
Date: Wed, 8 Sep 2021 11:28:28 +0800
Subject: [PATCH] Allow init_t create lnk file

Bugfix: When the selinux mode is enforcing, libcare.socket cannot
create symlink libcare.sock. This will cause the libcare.service
to fail to start.

Signed-off-by: imxcc <xingchaochao@huawei.com>
---
 dist/selinux/libcare.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dist/selinux/libcare.te b/dist/selinux/libcare.te
index c240875..936fc34 100644
--- a/dist/selinux/libcare.te
+++ b/dist/selinux/libcare.te
@@ -49,6 +49,8 @@ allow libcare_t libcare_file_t: file exec_file_perms;
 allow libcare_t libcare_file_t: dir list_dir_perms;
 allow libcare_t libcare_file_t: lnk_file read_lnk_file_perms;
 
+allow init_t var_run_t:lnk_file create;
+
 # to read patient's /proc entries and be able to attach to it
 allow libcare_t self: capability { dac_override dac_read_search sys_ptrace };
 
-- 
2.27.0