From 3e7b1f2c0943e671fb41212cd68785d7a21f9a62 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Mon, 18 Nov 2024 18:30:45 +0100
Subject: [PATCH] Allow coreos-installer domain transition on udev execution

The commit addresses the following AVC denial: AVC avc: denied { getattr } for pid=1201 comm="coreos-installe" path="/usr/bin/udevadm" dev="loop1" ino=4263 scontext=system_u:system_r:coreos_installer_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file permissive=0

Resolves: rhbz#2305385
---
 policy/modules/contrib/coreos_installer.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/contrib/coreos_installer.te b/policy/modules/contrib/coreos_installer.te
index 9f1a653abf..1341715693 100644
--- a/policy/modules/contrib/coreos_installer.te
+++ b/policy/modules/contrib/coreos_installer.te
@@ -84,6 +84,10 @@ optional_policy(`
 sysnet_dns_name_resolve(coreos_installer_t)
 ')
 
+optional_policy(`
+ udev_domtrans(coreos_installer_t)
+')
+
 ########################################
 #
 # coreos_boot_mount_generator
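Review bot: The added `udev_domtrans(coreos_installer_t)` block grants more than the commit message justifies: the only denial quoted is `getattr` on `/usr/bin/udevadm` (`udev_exec_t`), whereas a domain-transition interface presumably also permits executing the binary and entering the udev domain, which is a considerably wider privilege for the installer. If the installer really does run udevadm, the follow-on execute/transition denials seen in permissive mode belong in the commit message so the grant can be audited against what was observed; if it only stats the file, a narrower grant would keep `coreos_installer_t` closer to least privilege. Either way the block deserves a one-line rationale above it, e.g. `# coreos-installer invokes udevadm; run it in the udev domain instead of widening coreos_installer_t`.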