policies: allow /usr/local again

pkg/policies/policies.go

@@ -57,27 +57,29 @@ var CustomDirectoriesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy
 
 // CustomFilesPolicies is a set of default policies for custom files
 var CustomFilesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy.PathPolicy{
-	"/":           {},
-	"/bin":        {Deny: true},
-	"/boot":       {Deny: true},
-	"/dev":        {Deny: true},
-	"/efi":        {Deny: true},
-	"/etc/fstab":  {Deny: true},
-	"/etc/group":  {Deny: true},
-	"/etc/passwd": {Deny: true},
-	"/etc/shadow": {Deny: true},
-	"/lib":        {Deny: true},
-	"/lib64":      {Deny: true},
-	"/lost+found": {Deny: true},
-	"/proc":       {Deny: true},
-	"/run":        {Deny: true},
-	"/sbin":       {Deny: true},
-	"/sys":        {Deny: true},
-	"/sysroot":    {Deny: true},
-	"/tmp":        {Deny: true},
-	"/usr":        {Deny: true},
-	"/var/run":    {Deny: true},
-	"/var/tmp":    {Deny: true},
+	"/":               {},
+	"/usr/local/bin":  {},
+	"/usr/local/sbin": {},
+	"/bin":            {Deny: true},
+	"/boot":           {Deny: true},
+	"/dev":            {Deny: true},
+	"/efi":            {Deny: true},
+	"/etc/fstab":      {Deny: true},
+	"/etc/group":      {Deny: true},
+	"/etc/passwd":     {Deny: true},
+	"/etc/shadow":     {Deny: true},
+	"/lib":            {Deny: true},
+	"/lib64":          {Deny: true},
+	"/lost+found":     {Deny: true},
+	"/proc":           {Deny: true},
+	"/run":            {Deny: true},
+	"/sbin":           {Deny: true},
+	"/sys":            {Deny: true},
+	"/sysroot":        {Deny: true},
+	"/tmp":            {Deny: true},
+	"/usr":            {Deny: true},
+	"/var/run":        {Deny: true},
+	"/var/tmp":        {Deny: true},
 })
 
 // MountpointPolicies for ostree