stricter fapolicy

Author: evgeni

.github/workflows/test.yml

@@ -85,7 +85,7 @@ jobs:
         # https://github.com/theforeman/foreman-fapolicyd/blob/develop/15-foreman-container.rules
         if: matrix.security == 'fapolicyd'
         run: |
-          vagrant ssh quadlet -- sudo sed -i '/^deny_audit/d' /etc/fapolicyd/rules.d/30-patterns.rules
+          vagrant ssh --command "echo 'allow perm=any pattern=ld_so exe=/usr/bin/crun : path=/usr/lib64/libsystemd.so.0' | sudo tee -a /etc/fapolicyd/rules.d/15-foremanctl.rules" quadlet
           vagrant ssh quadlet -- sudo systemctl restart fapolicyd
       - name: Run image pull
         run: |