From 0ebf95c319d8627cc4c3a921a28fdedc83f96a19 Mon Sep 17 00:00:00 2001
From: Eero Kelly <eero.kelly@dfinity.org>
Date: Mon, 26 Aug 2024 13:40:32 +0000
Subject: [PATCH] Fix sshd stability

---
 ic-os/components/selinux/systemd-fixes/systemd-fixes.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ic-os/components/selinux/systemd-fixes/systemd-fixes.te b/ic-os/components/selinux/systemd-fixes/systemd-fixes.te
index 4aa7dd2ee24..8e25d3ed91c 100644
--- a/ic-os/components/selinux/systemd-fixes/systemd-fixes.te
+++ b/ic-os/components/selinux/systemd-fixes/systemd-fixes.te
@@ -153,6 +153,12 @@ systemd_connect_userdb(local_login_t)
 # ssh also needs access to userdb
 systemd_connect_userdb(sshd_t)
 
+###############################################################################
+# systemd-notify
+
+require { type systemd_runtime_notify_t; }
+allow sshd_t systemd_runtime_notify_t : sock_file write_sock_file_perms;
+
 ###############################################################################
 # pcscd