# platform = multi_platform_ocp,multi_platform_rhcos
# reboot = true
# strategy = disable
# complexity = low
# disruption = medium

{{%- if product in ["almalinux9", "debian12", "debian13",  "fedora", "ol7", "ol8", "ol9", "ol10", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "sle16", "slmicro5", "slmicro6", "ubuntu2204", "ubuntu2404"] %}}
  {{%- set perm_x="%20-F%20perm%3Dx" %}}
{{%- endif %}}

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0
    storage:
      files:
      - contents:
{{% if product in ["fedora", "rhel10"] %}}
          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-F%20path%3D{{{ PATH }}}{{{ perm_x }}}%20-F%20auid%3E%3D{{{ auid }}}%20-F%20auid%21%3Dunset%20-F%20key%3Dprivileged%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-F%20path%3D{{{ PATH }}}{{{ perm_x }}}%20-F%20auid%3E%3D{{{ auid }}}%20-F%20auid%21%3Dunset%20-F%20key%3Dprivileged%0A
{{% else %}}
          source: data:,-a%20always%2Cexit%20-F%20path%3D{{{ PATH }}}{{{ perm_x }}}%20-F%20auid%3E%3D{{{ auid }}}%20-F%20auid%21%3Dunset%20-F%20key%3Dprivileged%0A
{{% endif %}}
        mode: 0644
        path: /etc/audit/rules.d/75-{{{ NORMALIZED_PATH }}}_execution.rules
        overwrite: true