The most recent RHEL 9.4 nightly cloud images added the "rhc" package, see https://github.com/cockpit-project/bots/pull/5724 . This package modifies the local SELinux policy, so that it appears as admin customization:

# semanage export
[...]
permissive -a rhcd_t

This is really ugly – this is supposed to be a tool for the administrator to customize the default policy, and see what they changed. Distribution packages are not supposed to use this facility – that should be part of selinux-policy instead.

This will break running semanage permissive -D, which is part of the standard "reset SELinux policy customizations to distro default" recipe (e.g. in Ansible).

Please provide the package NVR for which bug is seen:

rhc-0.2.4-3.el9_3.x86_64

How reproducible:

Always