mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-24 16:01:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1995 from mjg59/selinux-character-nodes

Browse Source 
sec-policy/selinux-virt: Grant more permissions on chr_files
This commit is contained in:
Matthew Garrett 2016-06-13 13:55:24 -07:00 committed by GitHub
commit 8d59ca5df6
5 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r11.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r12.ebuild vendored
View File

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r11.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r12.ebuild vendored
View File

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r11.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r12.ebuild vendored
View File

2
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.diff vendored
View File

@ -27,7 +27,7 @@ diff -u contrib.orig/virt.te contrib/virt.te
+term_use_generic_ptys(svirt_lxc_net_t) +term_use_generic_ptys(svirt_lxc_net_t)
+term_setattr_generic_ptys(svirt_lxc_net_t) +term_setattr_generic_ptys(svirt_lxc_net_t)
+allow svirt_lxc_net_t tmpfs_t:chr_file { read write open }; +allow svirt_lxc_net_t tmpfs_t:chr_file { read write open };
+allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { setattr }; +allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { manage_file_perm };
+allow svirt_lxc_net_t self:capability sys_chroot; +allow svirt_lxc_net_t self:capability sys_chroot;
+allow svirt_lxc_net_t self:process getpgid; +allow svirt_lxc_net_t self:process getpgid;
+allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton }; +allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton };

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r11.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r12.ebuild vendored
View File