From cf8f3012f5b06e1c2db1f79141ebd8e4899d91a4 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Mon, 18 Nov 2024 18:31:44 +0100
Subject: [PATCH] Allow coreos-installer-generator execute generic programs
The commit addresses the following AVC denial:
Sep 02 13:51:25 localhost kernel: audit: type=1400 audit(1725285083.698:5): avc: denied { execute } for pid=1080 comm="coreos-liveiso-" name="jq" dev="loop1" ino=3815 scontext=system_u:system_r:coreos_liveiso_autologin_generator_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
Resolves: rhbz#2045531
---
 policy/modules/contrib/coreos_installer.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/coreos_installer.te b/policy/modules/contrib/coreos_installer.te
index 1341715693..e637f20e4b 100644
--- a/policy/modules/contrib/coreos_installer.te
+++ b/policy/modules/contrib/coreos_installer.te
@@ -136,6 +136,7 @@ optional_policy(`
 kernel_read_proc_files(coreos_liveiso_autologin_generator_t)
+corecmd_exec_bin(coreos_liveiso_autologin_generator_t)
 corecmd_exec_shell(coreos_liveiso_autologin_generator_t)
 dev_write_kmsg(coreos_liveiso_autologin_generator_t)
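Review bot: The added `corecmd_exec_bin(coreos_liveiso_autologin_generator_t)` lets the generator run any file labeled bin_t in its own domain, with no transition, while the denial quoted in the description involves a single helper, `jq`. Since `jq` carries the generic bin_t label the macro is probably the only practical grant, but the rule should record why it exists so a later audit can tell whether the access is still needed; I would put `# the live ISO autologin generator runs jq, which is labeled bin_t` directly above the new line. The subject names coreos-installer-generator, whereas both the rule and the AVC scontext are for coreos_liveiso_autologin_generator_t, so it is worth confirming the grant landed on the intended domain. The rule block for this domain starts before the hunk and continues past it, so any related restrictions elsewhere in the block are not visible here.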