From f7ee387e69162a3e82cb328d42e6e308aa1ad752 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova
Date: Thu, 27 Oct 2022 14:21:32 +0200
Subject: [PATCH] Allow keepalived bpf capability to run bpf programs
Resolves: rhbz#2134827
---
 policy/modules/contrib/keepalived.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/keepalived.te b/policy/modules/contrib/keepalived.te
index 0879eeb4ec..ff0b498188 100644
--- a/policy/modules/contrib/keepalived.te
+++ b/policy/modules/contrib/keepalived.te
@@ -38,6 +38,7 @@ files_tmpfs_file(keepalived_tmpfs_t)
 #
 allow keepalived_t self:capability { net_admin net_raw kill dac_read_search setuid setgid sys_admin sys_nice sys_ptrace };
+allow keepalived_t self:capability2 bpf;
 allow keepalived_t self:process { signal_perms getpgid setpgid setsched };
 allow keepalived_t self:icmp_socket create_socket_perms;
 allow keepalived_t self:netlink_socket create_socket_perms;
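Review bot: The added `allow keepalived_t self:capability2 bpf;` only permits use of CAP_BPF; SELinux checks the bpf() operations themselves against the separate `bpf` object class, and no `self:bpf` rule is visible in this hunk. If the rest of keepalived.te (outside the hunk) does not already carry one, loading or running a program would presumably still be denied. Confirm against the AVC records in rhbz#2134827 and, if needed, add only the permissions they show, e.g. `allow keepalived_t self:bpf { prog_load prog_run };`. A short comment above the new line, such as `# CAP_BPF so keepalived can run bpf programs (rhbz#2134827)`, would record why a domain that already holds sys_admin and sys_ptrace gains another capability.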