From 1c05d3333073c510f0f073b0e6d2671556b235b8 Mon Sep 17 00:00:00 2001
From: Jonathan Davies <jpds@protonmail.com>
Date: Mon, 14 Jun 2021 15:01:22 +0100
Subject: [PATCH] dracut.te: Use libs_run_ldconfig() instead of exec.

Signed-off-by: Jonathan Davies <jpds@protonmail.com>
---
 policy/modules/contrib/dracut.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/policy/modules/contrib/dracut.te b/policy/modules/contrib/dracut.te
index 1d1a2c1441..5c01b72433 100644
--- a/policy/modules/contrib/dracut.te
+++ b/policy/modules/contrib/dracut.te
@@ -13,6 +13,9 @@ logging_log_file(dracut_var_log_t)
 type dracut_tmp_t;
 files_tmp_file(dracut_tmp_t)
 
+attribute_role dracut_roles;
+role dracut_roles types dracut_t;
+
 ########################################
 #
 # Local policy
@@ -65,7 +68,7 @@ files_unconfined(dracut_t)
 
 fs_getattr_xattr_fs(dracut_t)
 
-libs_exec_ldconfig(dracut_t)
+libs_run_ldconfig(dracut_t, dracut_roles)
 libs_exec_ld_so(dracut_t)
 libs_exec_lib_files(dracut_t)