From 2fcc8f2b519facb139df5e412379f991d8322bf4 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Mon, 6 Mar 2023 22:49:39 +0000
Subject: [PATCH 10/20] contrib/selinux: Let passt write to stdout and stderr
when it starts
Otherwise, it's unusable as stand-alone tool, or in foreground mode,
and it's also impossible to get output from --help or --version,
because for SELinux it's just a daemon.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Tested-by: Laine Stump <laine@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
(cherry picked from commit 41bc669866b9e408d8d4966ee06e01784949b98d)
---
contrib/selinux/passt.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/selinux/passt.te b/contrib/selinux/passt.te
index 593b346..6cd61f1 100644
--- a/contrib/selinux/passt.te
+++ b/contrib/selinux/passt.te
@@ -72,6 +72,7 @@ type_transition unconfined_t passt_exec_t : process passt_t;
allow unconfined_t passt_t : process transition ;
init_daemon_domain(passt_t, passt_exec_t)
+term_use_all_inherited_terms(passt_t)
allow passt_t bin_t:file { execute execute_no_trans map };
allow passt_t user_home_dir_t:dir { search add_name write };
--
2.39.2