!219 [sync] PR-218: add avc rules for cloud-init

From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

allow-init_t-create-fifo-file-in-net_conf-dir.patch

@@ -0,0 +1,25 @@
+From b00033d4825cfc3ae9787c94ffa7e5408acf9a4b Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Sun, 29 Jan 2023 00:36:01 +0800
+Subject: [PATCH] allow init_t create fifo file in net_conf dir
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+---
+ policy/modules/system/init.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
+index 8b84aa1..15b57a7 100644
+--- a/policy/modules/system/init.te
++++ b/policy/modules/system/init.te
+@@ -872,6 +872,7 @@ optional_policy(`
+ 
+ optional_policy(`
+     sysnet_filetrans_cloud_net_conf(init_t)
++    manage_fifo_files_pattern(init_t, net_conf_t, net_conf_t)
+ ')
+ 
+ optional_policy(`
+-- 
+2.33.0
+

selinux-policy.spec

@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 35.5
-Release: 17
+Release: 18
 License: GPLv2+
 URL:     https://github.com/fedora-selinux/selinux-policy/
 
@@ -200,6 +200,7 @@ Patch9002: Add-permission-open-to-files_read_inherited_tmp_file.patch
 Patch9003: allow-httpd-to-put-files-in-httpd-config-dir.patch
 Patch9004: allow-map-postfix_master_t.patch
 Patch9005: add-rule-for-hostnamed-to-rpmscript-dbus-chat.patch
+Patch9006: allow-init_t-create-fifo-file-in-net_conf-dir.patch
 
 BuildArch: noarch
 BuildRequires:  python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -868,6 +869,9 @@ exit 0
 %endif
 
 %changelog
+* Thu Jun 08 2023 jinlun <jinlun@huawei.com> - 35.5-18
+- allow init_t create fifo file in net_conf dir.
+
 * Thu Mar 23 2023 wangjiang <wangjiang37@h-partners.com> - 35.5-17
 - backport patch Allow virt_domain read device sysctls
                  Allow icecast rename its log files