File 1243148-wireguard_dns-Add-sysnet_dontaudit_file_relabelto.patch of Package selinux-policy
commit 29532be9f26c7839a553c708677cfd1aca6f60a9
Author: Robert Frohl <rfrohl@suse.com>
Date: Mon Dec 15 15:04:55 2025 +0100
Add sysnet_dontaudit_file_relabelto() interface
Added for wireguard tooling that tries to relabel files during DNS setup.
Resolves: bsc#1243148
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 5085ecd0a..037c7b5c1 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -330,6 +330,24 @@ interface(`sysnet_relabelfrom_dhcpc_state',`
allow $1 dhcpc_state_t:file relabelfrom;
')
+#######################################
+## <summary>
+## Dontaudit relabelto network config files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sysnet_dontaudit_file_relabelto',`
+ gen_require(`
+ type net_conf_t;
+ ')
+
+ dontaudit $1 net_conf_t:file { relabelto };
+')
+
#######################################
## <summary>
## Manage the dhcp client state files.
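Review bot: The parameter description in the new `sysnet_dontaudit_file_relabelto` header says `Domain allowed access.`, but the rule is a `dontaudit`, which grants nothing and only silences the AVC record. `## Domain to not audit.` would describe it correctly, and the summary would read better as `## Do not audit attempts to relabel files to net_conf_t.`. Because the rule hides relabelto attempts on network configuration files from the audit log, the header should also state that it is meant for the wireguard tooling the commit message mentions, so the suppression is not reused for domains where such an attempt is worth seeing. As a matter of style, `{ relabelto }` can be written as plain `relabelto`, matching the single-permission form in `sysnet_relabelfrom_dhcpc_state` just above.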