From fccee972a96787e1a318a2e5e4fe6b6f6b26a7e2 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Wed, 8 Jan 2025 18:04:38 +0100
Subject: [PATCH] Allow ssh generator work with systemd unit files

Resolves: RHEL-72549
---
 policy/modules/system/systemd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 25e4a5cd12..29af776d1e 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1293,6 +1293,7 @@ init_exec_script_files(systemd_rc_local_generator_t)
 ### ssh generator
 allow systemd_ssh_generator_t self:vsock_socket create;
 allow systemd_ssh_generator_t vsock_device_t:chr_file { read_chr_file_perms };
+allow systemd_ssh_generator_t systemd_unit_file_t:file { create_file_perms rw_file_perms };
 
 kernel_read_sysctl(systemd_ssh_generator_t)