Allow policykit to watch it's directory.

node=localhost type=AVC msg=audit(1701959029.653:505): avc:  denied  { watch } for  pid=1861 comm="pkla-check-auth" path="/var/lib/polkit-1/localauthority/10-vendor.d" dev="dm-9" ino=262176 scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:object_r:policykit_var_lib_t:s0 tclass=dir permissive=1

Signed-off-by: Dave Sugar <[email protected]>

policy/modules/services/policykit.te

@@ -76,6 +76,7 @@ allow policykit_t self:unix_stream_socket { accept connectto listen };
 
 rw_files_pattern(policykit_t, policykit_reload_t, policykit_reload_t)
 
+allow policykit_t policykit_var_lib_t:dir watch;
 manage_files_pattern(policykit_t, policykit_var_lib_t, policykit_var_lib_t)
 
 manage_dirs_pattern(policykit_t, policykit_runtime_t, policykit_runtime_t)