From ce0726dc68d229a30dafaa2e8516a9e2d4bef6c2 Mon Sep 17 00:00:00 2001
From: Jian Zhang <jiazha@redhat.com>
Date: Sun, 27 Apr 2025 17:54:11 +0800
Subject: [PATCH] UPSTREAM: <carry>: set the SElinux type

Signed-off-by: Jian Zhang <jiazha@redhat.com>
---
 .../openshift/olmv1-ns/patches/manager_deployment_certs.yaml   | 3 +++
 ...ployment-openshift-catalogd-catalogd-controller-manager.yml | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/openshift/catalogd/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_certs.yaml b/openshift/catalogd/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_certs.yaml
index 2d5ece67b..fb3b3b8e1 100644
--- a/openshift/catalogd/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_certs.yaml
+++ b/openshift/catalogd/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_certs.yaml
@@ -19,3 +19,6 @@
 - op: add
   path: /spec/template/spec/containers/0/env
   value: [{"name":"SSL_CERT_DIR", "value":"/var/ca-certs"}]
+- op: add
+  path: /spec/template/spec/securityContext/seLinuxOptions
+  value: {"type":"spc_t"}
diff --git a/openshift/catalogd/manifests/16-deployment-openshift-catalogd-catalogd-controller-manager.yml b/openshift/catalogd/manifests/16-deployment-openshift-catalogd-catalogd-controller-manager.yml
index 2859102f7..348a36099 100644
--- a/openshift/catalogd/manifests/16-deployment-openshift-catalogd-catalogd-controller-manager.yml
+++ b/openshift/catalogd/manifests/16-deployment-openshift-catalogd-catalogd-controller-manager.yml
@@ -97,6 +97,8 @@ spec:
         node-role.kubernetes.io/master: ""
       securityContext:
         runAsNonRoot: true
+        seLinuxOptions:
+          type: spc_t
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: catalogd-controller-manager