From 63eb92569832d6ff4471160f5c0e8dfa6dd3162c Mon Sep 17 00:00:00 2001
From: Jonathan Davies <jd+github@upthedownstair.com>
Date: Sat, 24 Apr 2021 17:14:06 +0100
Subject: [PATCH] staff.te: Allow staff access to the virt stream, needed for
 when the sockets are access remotely over SSH.

Signed-off-by: Jonathan Davies <jd+github@upthedownstair.com>
---
 policy/modules/roles/staff.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index c95d491ce..2700290f0 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -60,6 +60,10 @@ optional_policy(`
 	syncthing_role(staff_r, staff_t)
 ')
 
+optional_policy(`
+	virt_stream_connect(staff_t)
+')
+
 optional_policy(`
 	vlock_run(staff_t, staff_r)
 ')