Merge pull request #1995 from mjg59/selinux-character-nodes

sec-policy/selinux-virt: Grant more permissions on chr_files
2025-08-24 16:01:09 +02:00 · 2016-06-13 13:55:24 -07:00 · 2016-06-13 13:55:24 -07:00 · 8d59ca5df6
commit 8d59ca5df6
parent f28ea9c11f e7a2a92b66
5 changed files with 1 additions and 1 deletions
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r12.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r12.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r12.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.diff
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.diff
@ -27,7 +27,7 @@ diff -u contrib.orig/virt.te contrib/virt.te
 +term_use_generic_ptys(svirt_lxc_net_t)
 +term_setattr_generic_ptys(svirt_lxc_net_t)
 +allow svirt_lxc_net_t tmpfs_t:chr_file { read write open };
-+allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { setattr };
+allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { manage_file_perm };
 +allow svirt_lxc_net_t self:capability sys_chroot;
 +allow svirt_lxc_net_t self:process getpgid;
 +allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton };
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r12.ebuild