From b97849f22d7ed2e728bc322fbbaa4801c4420d2b Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Wed, 23 Nov 2011 15:02:39 -0500
Subject: [PATCH] Namespace_init needs to execute shell

---
 policy/modules/apps/namespace.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/apps/namespace.te b/policy/modules/apps/namespace.te
index 6d4ec21c..a337d62f 100644
--- a/policy/modules/apps/namespace.te
+++ b/policy/modules/apps/namespace.te
@@ -22,6 +22,8 @@ allow namespace_init_t self:unix_stream_socket create_stream_socket_perms;
 
 kernel_read_system_state(namespace_init_t)
 
+corecmd_exec_shell(namespace_init_t)
+
 domain_use_interactive_fds(namespace_init_t)
 
 files_read_etc_files(namespace_init_t)
-- 
2.47.3