From 5f49d2b69290c4887045fca1343452442b39a1d3 Mon Sep 17 00:00:00 2001
From: Jonathan Davies <jpds@protonmail.com>
Date: Fri, 25 Mar 2022 00:29:42 +0000
Subject: [PATCH] systemd.if: Allowed reading systemd_userdbd_runtime_t
 symlinks in systemd_stream_connect_userdb().

Signed-off-by: Jonathan Davies <jpds@protonmail.com>
---
 policy/modules/system/systemd.if | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index e68a9b443..264438dad 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -1250,6 +1250,7 @@ interface(`systemd_stream_connect_userdb', `
 
 	init_search_runtime($1)
 	allow $1 systemd_userdbd_runtime_t:dir list_dir_perms;
+	allow $1 systemd_userdbd_runtime_t:lnk_file read_lnk_file_perms;
 	stream_connect_pattern($1, systemd_userdbd_runtime_t, systemd_userdbd_runtime_t, systemd_userdbd_t)
 	init_unix_stream_socket_connectto($1)
 ')