From da720386c89481ee1846b853b99087b5e3fa93a3 Mon Sep 17 00:00:00 2001
From: Zac Mrowicki
Date: Wed, 2 Aug 2023 21:34:23 +0000
Subject: [PATCH] selinux: Add network_exec label for systemd-networkd

This change adds the network_exec label to systemd-networkd and systemd-networkd-wait-online, which is what wicked currently has and gives access to /etc and DBUS.
---
 packages/selinux-policy/fs.cil | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/selinux-policy/fs.cil b/packages/selinux-policy/fs.cil
index 4a948861bf4..d5fbba96c56 100644
--- a/packages/selinux-policy/fs.cil
+++ b/packages/selinux-policy/fs.cil
@@ -51,6 +51,7 @@
 (filecon "/.*/usr/sbin/chronyd" file clock_exec)
 (filecon "/.*/usr/sbin/wicked.*" file network_exec)
 (filecon "/.*/usr/libexec/wicked/bin/wicked.*" file network_exec)
+(filecon "/.*/usr/lib/systemd/systemd-networkd.*" file network_exec)
 (filecon "/.*/usr/bin/containerd.*" file runtime_exec)
 (filecon "/.*/usr/bin/docker.*" file runtime_exec)
 (filecon "/.*/usr/bin/host-ctr" file runtime_exec)
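Review bot: The trailing `.*` on the added `filecon` line labels every file under `/usr/lib/systemd/` whose name begins with `systemd-networkd` as `network_exec`, which is broader than the two binaries the commit message names. Any later file with that prefix would silently pick up the same label and, presumably, whatever /etc and D-Bus access the policy grants to that label elsewhere; those rules are not visible in this hunk. Listing the two paths explicitly keeps the grant as narrow as the stated intent: `(filecon "/.*/usr/lib/systemd/systemd-networkd" file network_exec)` and `(filecon "/.*/usr/lib/systemd/systemd-networkd-wait-online" file network_exec)`. The neighbouring wicked entries use the same wildcard style, so if the wildcard is kept for consistency, a short comment above the line naming the binaries it is meant to cover would make later audits easier.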