sec-policy/selinux-virt: allow flanneld to load module

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
2025-08-17 18:06:59 +02:00 · 2021-08-11 17:50:29 +02:00 · 2021-08-11 17:50:29 +02:00 · 0cde021595
commit 0cde021595
parent 5c5b78cb8d
1 changed files with 5 additions and 2 deletions
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.patch
@ -1,7 +1,7 @@
-index 256ea58..f72fbba 100644
+index 4943ad79d..c89bb5c0c 100644
 --- services/virt.te
 +++ services/virt.te
-@@ -1378,3 +1378,35 @@ sysnet_dns_name_resolve(virtlogd_t)
+@@ -1377,3 +1377,38 @@ sysnet_dns_name_resolve(virtlogd_t)
 
 virt_manage_log(virtlogd_t)
 virt_read_config(virtlogd_t)
@ -37,3 +37,6 @@ index 256ea58..f72fbba 100644
 +allow svirt_lxc_net_t kernel_t:fifo_file { getattr ioctl read write open append };
 +allow svirt_lxc_net_t initrc_t:fifo_file { getattr ioctl read write open append };
 +filetrans_pattern(kernel_t, etc_t, svirt_lxc_file_t, dir, "cni");
+
+# this is required by flanneld
+allow svirt_lxc_net_t kernel_t:system { module_request };