sec-policy/selinux-virt: Extend pipefs permissions

We need ioctl() and getattr() on these
2025-08-23 23:41:10 +02:00 · 2016-07-21 11:46:07 -07:00 · 2016-07-21 11:46:07 -07:00 · 2092fdb761
commit 2092fdb761
parent 8b9f12907b
5 changed files with 1 additions and 1 deletions
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r13.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r13.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r13.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r13.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r13.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r13.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.diff
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.diff
@ -32,5 +32,5 @@ diff -u contrib.orig/virt.te contrib/virt.te
 +allow svirt_lxc_net_t self:process getpgid;
 +allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton };
 +allow svirt_lxc_net_t var_lib_t:file { entrypoint execute execute_no_trans };
-+allow svirt_lxc_net_t kernel_t:fifo_file {read write open };
+allow svirt_lxc_net_t kernel_t:fifo_file { getattr ioctl read write open };
 +
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r13.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r13.ebuild