selinux-policy/backport-Allow-fprintd-bpf-capability-to-run-bpf-programs.patch


From d3a62f953b580565068ada2f73968ccaaab80a7f Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Thu, 27 Oct 2022 14:04:55 +0200
Subject: [PATCH] Allow fprintd bpf capability to run bpf programs
Resolves: rhbz#2134827
---
policy/modules/contrib/fprintd.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/fprintd.te b/policy/modules/contrib/fprintd.te
index 7826990a3d..7a48e69eb4 100644
--- a/policy/modules/contrib/fprintd.te
+++ b/policy/modules/contrib/fprintd.te
@@ -22,7 +22,7 @@ files_tmp_file(fprintd_tmp_t)
#
allow fprintd_t self:capability { sys_admin sys_nice };
-allow fprintd_t self:capability2 wake_alarm;
+allow fprintd_t self:capability2 { bpf wake_alarm };
allow fprintd_t self:process { getsched setsched signal sigkill };
allow fprintd_t self:fifo_file rw_fifo_file_perms;
allow fprintd_t self:netlink_kobject_uevent_socket create_socket_perms;
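Review bot: The `bpf` permission added to the `self:capability2` rule has no comment saying which fprintd operation needs it, and on its own it does not grant what the subject line describes. Loading and running programs is mediated by the separate `bpf` object class (`prog_load`, `prog_run`, `map_create`, ...), and no `allow fprintd_t self:bpf ...` rule is visible in this hunk, though one may exist elsewhere in fprintd.te. `sys_admin` is already granted on the rule just above, and as far as I know the kernel's bpf capability check falls back to CAP_SYS_ADMIN, so the recorded denial may have been audit noise rather than a functional failure. If that is the case, `dontaudit fprintd_t self:capability2 bpf;` would be the narrower choice. Either way, I would put a comment above the rule, e.g. `# bpf: required for <operation that triggered the AVC> (rhbz#2134827)`, so a later audit of this domain's capabilities can tell whether the grant is still needed.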