From f29153d053460248fb117d5d86bd7589c96d11de Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Tue, 3 Sep 2024 14:56:42 +0200
Subject: [PATCH] Allow sysadm_t to create PF_KEY sockets

This is needed to run selinux-testsuite as sysadm_t starting with:
https://github.com/SELinuxProject/selinux-testsuite/commit/a9e631f0f1d5b11756a62679e8da073b3cc85b13

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 policy/modules/roles/sysadm.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 0388269b65..3b5373168c 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -15,6 +15,7 @@ allow sysadm_t self:netlink_generic_socket create_socket_perms;
 allow sysadm_t self:tipc_socket create_socket_perms;
 allow sysadm_t self:sctp_socket create_socket_perms;
 allow sysadm_t self:rawip_socket create_socket_perms;
+allow sysadm_t self:key_socket create_socket_perms;
 
 allow sysadm_t self:system all_system_perms;