Skip to content

Commit

Permalink
Merge pull request SELinuxProject#746 from yizhao1/cryptsetup
Browse files Browse the repository at this point in the history 
fix some contexts
  • Loading branch information
@pebenito
pebenito authored Jan 3, 2024
2 parents d393e36 + 249263f commit 14a6144
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions policy/modules/services/container.fc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ HOME_DIR/\.docker(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
/etc/containerd(/.*)? gen_context(system_u:object_r:container_config_t,s0)

/run/containers(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/crun(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/libpod(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/runc(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)

Expand Down
1 change: 1 addition & 0 deletions policy/modules/system/lvm.fc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,7 @@
/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
/run/cryptsetup(/.*)? gen_context(system_u:object_r:lvm_runtime_t,s0)
/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_runtime_t,s0)
/run/dmevent.* gen_context(system_u:object_r:lvm_runtime_t,s0)
/run/lvm(/.*)? gen_context(system_u:object_r:lvm_runtime_t,s0)
3 changes: 1 addition & 2 deletions policy/modules/system/lvm.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ files_var_lib_filetrans(lvm_t, lvm_var_lib_t, { dir file })
manage_dirs_pattern(lvm_t, lvm_runtime_t, lvm_runtime_t)
manage_files_pattern(lvm_t, lvm_runtime_t, lvm_runtime_t)
manage_sock_files_pattern(lvm_t, lvm_runtime_t, lvm_runtime_t)
files_runtime_filetrans(lvm_t, lvm_runtime_t, { file sock_file })
files_runtime_filetrans(lvm_t, lvm_runtime_t, { dir file sock_file })

read_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
allow lvm_t lvm_etc_t:file map;
Expand Down Expand Up @@ -220,7 +220,6 @@ sysnet_write_config(lvm_t)
userdom_use_inherited_user_terminals(lvm_t)

ifdef(`init_systemd',`
fs_getattr_cgroup(lvm_t)
fs_list_pstore_dirs(lvm_t)
fs_manage_hugetlbfs_dirs(lvm_t)
fs_search_cgroup_dirs(lvm_t)
Expand Down

0 comments on commit 14a6144

Please sign in to comment.