From 3cac9e0e5d4962d619032651e19afc1ccf743dd9 Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <me@concord.sh>
Date: Thu, 31 Mar 2022 14:01:39 -0400
Subject: [PATCH] sudo: allow sudo domains to create netlink selinux sockets

Signed-off-by: Kenton Groombridge <me@concord.sh>
---
 policy/modules/admin/sudo.if | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 2869dfdbf..165a074b2 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -66,6 +66,7 @@ template(`sudo_role_template',`
 	allow $1_sudo_t self:sem create_sem_perms;
 	allow $1_sudo_t self:msgq create_msgq_perms;
 	allow $1_sudo_t self:msg { send receive };
+	allow $1_sudo_t self:netlink_selinux_socket create_socket_perms;
 	allow $1_sudo_t self:unix_dgram_socket create_socket_perms;
 	allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
 	allow $1_sudo_t self:unix_dgram_socket sendto;