From 6d2ceaacdaa9a6bce361af8c2eaa6b4a1eb132ea Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 3 Jan 2025 11:28:26 +0100
Subject: [PATCH] Allow virtqemud domain transition on numad execution

The commit addresses the following AVC denial:
type=AVC msg=audit(1730798043.779:27002): avc:  denied  { execute } for  pid=1041433 comm="rpc-virtqemud" name="numad" dev="vda4" ino=1646 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:numad_exec_t:s0 tclass=file permissive=1

Resolves: RHEL-65789
---
 policy/modules/contrib/virt.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index a325cb01ad..5fdfcc3553 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -2274,6 +2274,10 @@ optional_policy(`
 	dnsmasq_filetrans_named_content_fromdir(virtqemud_t, virtqemud_var_run_t)
 ')
 
+optional_policy(`
+	numad_domtrans(virtqemud_t)
+')
+
 optional_policy(`
 	qemu_exec(virtqemud_t)
 ')