From eb2bd380b145c03a28a46bdef8d2b4d3480acaff Mon Sep 17 00:00:00 2001 From: aleskandro Date: Thu, 18 Jul 2024 22:37:58 +0100 Subject: [PATCH] Adds SELinux custom module for the afterburn systemd units the afterburn systemd units fail as the SELinux domain of the afterburn binary is restricted from changing the content of files in /run, /run/metadata and /home/$user/.ssh. This commit adds a afterburn-custom.cil SELinux module to allow the afterburn services to succeed and the nodes to properly join a cluster. The module is loaded by the okd-selinux.service implemented by 336013fcc9406063eeaf0aa4c7cffda310a2a449 Refers #1555 --- overlay.d/50scos/usr/lib/okd/selinux/afterburn-permissive.cil | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 overlay.d/50scos/usr/lib/okd/selinux/afterburn-permissive.cil diff --git a/overlay.d/50scos/usr/lib/okd/selinux/afterburn-permissive.cil b/overlay.d/50scos/usr/lib/okd/selinux/afterburn-permissive.cil new file mode 100644 index 00000000..cba47b87 --- /dev/null +++ b/overlay.d/50scos/usr/lib/okd/selinux/afterburn-permissive.cil @@ -0,0 +1,3 @@ +; https://issues.redhat.com/browse/RHEL-49735 +(typeattributeset cil_gen_require afterburn_t) +(typepermissive afterburn_t)
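Review bot: `(typepermissive afterburn_t)` turns off enforcement for the whole afterburn domain, while the commit message only describes denials on writes to /run, /run/metadata and /home/$user/.ssh. A permissive domain still logs AVC denials but blocks nothing, so any confinement of the afterburn binary is lost for as long as this module is loaded. If the intent is a stopgap until RHEL-49735 is resolved, say so in the comment line next to the URL and note that the file should be dropped once the fixed policy ships. Otherwise prefer allow rules scoped to the file types behind those three paths, which can be derived from the denials logged while the domain is permissive. Also, the message says the commit adds `afterburn-custom.cil`, but the file created in the diff is `afterburn-permissive.cil`; please align the message with the actual file name so the module can be found from the log.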