sec-policy/selinux-virt: Grant more permissions on chr_files

apt seems to use character device nodes for a couple of things, so give the full set of permissions for them when operating in the container's own context.
2025-08-24 16:01:09 +02:00 · 2016-06-01 14:13:11 -07:00 · 2016-06-01 14:13:11 -07:00 · e7a2a92b66
commit e7a2a92b66
parent ea43677d10
5 changed files with 1 additions and 1 deletions
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r12.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r12.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r12.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.diff
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.diff
@ -27,7 +27,7 @@ diff -u contrib.orig/virt.te contrib/virt.te
 +term_use_generic_ptys(svirt_lxc_net_t)
 +term_setattr_generic_ptys(svirt_lxc_net_t)
 +allow svirt_lxc_net_t tmpfs_t:chr_file { read write open };
-+allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { setattr };
+allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { manage_file_perm };
 +allow svirt_lxc_net_t self:capability sys_chroot;
 +allow svirt_lxc_net_t self:process getpgid;
 +allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton };
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r12.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r12.ebuild