From 972e4dbcdf87067924239db5dcc89a099298700c Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Mon, 7 Nov 2022 15:20:12 +0100
Subject: [PATCH] Add interface to watch all filesystems

Resolves: rhbz#2139363
---
 policy/modules/kernel/filesystem.if | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index d7645a534f..918bf32963 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -6426,6 +6426,24 @@ interface(`fs_unmount_all_fs',`
 	allow $1 filesystem_type:filesystem unmount;
 ')
 
+########################################
+## <summary>
+##	Watch all filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fs_watch_all_fs',`
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:filesystem watch;
+')
+
 ########################################
 ## <summary>
 ##	Get the attributes of all filesystems.