From 93245b38c6f4d13175dfe3b3f30cd24628c7891e Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Tue, 12 Oct 2021 22:00:54 +0800
Subject: [PATCH] rpcbind: allow sysadm to run rpcinfo

Fixes:
$ rpcinfo
rpcinfo: can't contact rpcbind: RPC: Remote system error - Permission denied

avc:  denied  { connectto } for  pid=543 comm="rpcinfo"
path="/run/rpcbind.sock" scontext=root:sysadm_r:sysadm_t t
context=system_u:system_r:rpcbind_t tclass=unix_stream_socket
permissive=0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 policy/modules/services/rpcbind.if | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/services/rpcbind.if b/policy/modules/services/rpcbind.if
index e473ab710..b815d02de 100644
--- a/policy/modules/services/rpcbind.if
+++ b/policy/modules/services/rpcbind.if
@@ -162,4 +162,6 @@ interface(`rpcbind_admin',`
 
 	files_search_var_lib($1)
 	admin_pattern($1, rpcbind_var_lib_t)
+
+	rpcbind_stream_connect($1)
 ')