File 1243148-wireguard_dns-Add-fs_dontaudit_relabelfrom_tmpfs_files.patch of Package selinux-policy
commit cd7945af5eb99e487a538cfc645a940baa3c251d
Author: Robert Frohl <rfrohl@suse.com>
Date: Mon Dec 15 15:12:01 2025 +0100
Add fs_dontaudit_relabelfrom_tmpfs_files() interface
Added for wireguard tooling that tries to relabel files during DNS setup.
Resolves: bsc#1243148
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 4853c99de..e1d4f0d88 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -5772,6 +5772,24 @@ interface(`fs_dontaudit_getattr_tmpfs_dirs',`
dontaudit $1 tmpfs_t:dir getattr;
')
+########################################
+## <summary>
+## Do not audit relabelfrom attempts on files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`fs_dontaudit_relabelfrom_tmpfs_files',`
+ gen_require(`
+ type tmpfs_t;
+ ')
+
+ dontaudit $1 tmpfs_t:file relabelfrom;
+')
+
########################################
## <summary>
## Set the attributes of tmpfs directories.
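Review bot: The summary of the new `fs_dontaudit_relabelfrom_tmpfs_files` interface reads "Do not audit relabelfrom attempts on files.", but the rule it emits covers only `tmpfs_t:file`. It should name the type, e.g. `## Do not audit attempts to relabel from tmpfs files.`, so the generated interface documentation matches the interface name. A dontaudit rule suppresses the AVC denial record, so a relabel attempt on tmpfs files by any domain passed to this interface leaves no audit trail. It would help to add a short `<desc>` or comment stating that the permission is still denied and only the logging is silenced, and that callers should be limited to the specific domain that triggers the noise. The calling policy is not in this hunk; from the commit message it is presumably the wireguard DNS helper. When that caller needs debugging, the hidden denials can be made visible again with `semodule -DB`.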