From d0c8cc2186ef48eb9c387d026e5cdd8bd275e15d Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Thu, 24 Mar 2022 15:22:33 +0100
Subject: [PATCH] Change the selinuxuser_execstack boolean value to true

With the d5bb233ea22 ("Do not change selinuxuser_execmod and
selinuxuser_execstack") commit, the default "off" value of
selinuxuser_execmod and selinuxuser_execstack booleans stopped
being switched to "on" by the selinux-policy package build configuration
to keep their default "off" value.

It turned out subsequently the execstack permission is required by some
tools like virt-v2v or when packages like glibc or binutils are rebuilt.
It is also needed by many 3rd party software packages.
As a result, the value of selinuxuser_execstack needs to be changed
to "on" again.

Resolves: rhbz#2064274
---
 booleans-targeted.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/booleans-targeted.conf b/booleans-targeted.conf
index 274d3cc1..b62755a1 100644
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@@ -12,6 +12,7 @@ pppd_can_insmod = false
 privoxy_connect_any = true
 selinuxuser_direct_dri_enabled = true
 selinuxuser_execmem = true
+selinuxuser_execstack = true
 selinuxuser_rw_noexattrfile=true
 selinuxuser_ping = true
 squid_connect_any = true