Allow init create vsock socket for sshd

Resolves: RHEL-72549

policy/modules/services/ssh.if

@@ -1166,3 +1166,21 @@ interface(`ssh_getattr_unit_file',`
 	systemd_search_unit_dirs($1)
 	allow $1 sshd_unit_file_t:file getattr_file_perms;
 ')
+
+#######################################
+## <summary>
+##	Allow caller to create vsock socket for sshd
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`ssh_create_vsock_socket',`
+	gen_require(`
+		type sshd_t;
+	')
+
+	allow $1 sshd_t:vsock_socket create_stream_socket_perms;
+')

policy/modules/system/init.te

@@ -854,6 +854,7 @@ optional_policy(`
 
 optional_policy(`
 	ssh_getattr_server_keys(init_t)
+	ssh_create_vsock_socket(init_t)
 ')
 
 optional_policy(`