Namespace_init needs to execute shell

diff --git a/policy/modules/apps/namespace.te b/policy/modules/apps/namespace.te
index 6d4ec21c6c030bb112914fb9880433b15b9cb621..a337d62fe46114ddf41f96549e999af010c4a368 100644 (file)
--- a/policy/modules/apps/namespace.te
+++ b/policy/modules/apps/namespace.te
@@ -22,6 +22,8 @@ allow namespace_init_t self:unix_stream_socket create_stream_socket_perms;
 
 kernel_read_system_state(namespace_init_t)
 
+corecmd_exec_shell(namespace_init_t)
+
 domain_use_interactive_fds(namespace_init_t)
 
 files_read_etc_files(namespace_init_t)