From c8ff1f099f32bfd7a897546f87b27e24159119de Mon Sep 17 00:00:00 2001
From: Lukas Zapletal
Date: Tue, 19 Mar 2024 15:39:19 +0100
Subject: [PATCH] policies: allow /{usr,var}/local/bin paths

Signed-off-by: Lukas Zapletal
---
 pkg/policies/policies.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/pkg/policies/policies.go b/pkg/policies/policies.go
index 5b40783a1d..7d15955715 100644
--- a/pkg/policies/policies.go
+++ b/pkg/policies/policies.go
@@ -42,13 +42,15 @@ var CustomDirectoriesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy

 // CustomFilesPolicies is a set of default policies for custom files
 var CustomFilesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy.PathPolicy{
- "/": {Deny: true},
- "/etc": {},
- "/root": {},
- "/etc/fstab": {Deny: true},
- "/etc/shadow": {Deny: true},
- "/etc/passwd": {Deny: true},
- "/etc/group": {Deny: true},
+ "/": {Deny: true},
+ "/etc": {},
+ "/root": {},
+ "/usr/local/bin": {},
+ "/usr/local/sbin": {},
+ "/etc/fstab": {Deny: true},
+ "/etc/shadow": {Deny: true},
+ "/etc/passwd": {Deny: true},
+ "/etc/group": {Deny: true},
 })

 // MountpointPolicies for ostree
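Review bot: The subject promises `/{usr,var}/local/bin`, but the entries added to `CustomFilesPolicies` are `/usr/local/bin` and `/usr/local/sbin`, with nothing under `/var`, so either the subject or the map is inaccurate. On most distributions both directories are on root's default PATH ahead of `/usr/bin`, so a custom file written there can shadow a system command by name. That widening of the allow-list deserves a comment above the two entries, for example `// /usr/local/{bin,sbin} are PATH directories: files placed here can be run by name`. The diffstat shows only policies.go changed, so a test would help pin the scope: it should assert that a file under `/usr/local/bin` is accepted while paths such as `/usr/bin/x` and `/usr/local/lib/x` are still rejected, presumably by the `/` deny entry.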