Add watch permissions to selinux-policy and update policy rules for domains requiring this access. The permissions list is: watch watch_mount watch_sb watch_with_perm watch_reads
Test coverage for this bug exists in a form of PR: * https://src.fedoraproject.org/tests/selinux/pull-request/170 The PR waits for review.
This bug appears to have been reported against 'rawhide' during the Fedora 34 development cycle. Changing version to 34.
Adding the original pull request link for the future reference: https://github.com/fedora-selinux/selinux-policy/pull/546