container: allow super privileged containers to manage BPF dirs

Seen on a recent update to Cilium. Signed-off-by: Kenton Groombridge <concord@gentoo.org> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Kenton Groombridge <concord@gentoo.org> 2024-08-07 16:54:09 -0400
committer: Jason Zaman <perfinion@gentoo.org> 2024-09-21 15:28:29 -0700
commit: d15a97c13a82e5a4ba930f2fd5e823bbef3ce0da (patch)
tree: 6e003f7b51ae6a19c6d6bdca1f192082f9f91e56 /policy/modules/services/container.te
parent: kubernetes: allow kubelet to create unlabeled dirs (diff)
download: hardened-refpolicy-d15a97c13a82e5a4ba930f2fd5e823bbef3ce0da.tar.gz
hardened-refpolicy-d15a97c13a82e5a4ba930f2fd5e823bbef3ce0da.tar.bz2
hardened-refpolicy-d15a97c13a82e5a4ba930f2fd5e823bbef3ce0da.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te
index 864fae70..66b16e4e 100644
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@@ -1041,7 +1041,7 @@ fs_mounton_cgroup(spc_t)
 fs_manage_cgroup_dirs(spc_t)
 fs_manage_cgroup_files(spc_t)
 fs_mount_bpf(spc_t)
-fs_create_bpf_dirs(spc_t)
+fs_manage_bpf_dirs(spc_t)
 fs_manage_bpf_files(spc_t)
 fs_manage_bpf_symlinks(spc_t)
 fs_mounton_fusefs(spc_t)
author	Kenton Groombridge <concord@gentoo.org>	2024-08-07 16:54:09 -0400
committer	Jason Zaman <perfinion@gentoo.org>	2024-09-21 15:28:29 -0700
commit	d15a97c13a82e5a4ba930f2fd5e823bbef3ce0da (patch)
tree	6e003f7b51ae6a19c6d6bdca1f192082f9f91e56 /policy/modules/services/container.te
parent	kubernetes: allow kubelet to create unlabeled dirs (diff)
download	hardened-refpolicy-d15a97c13a82e5a4ba930f2fd5e823bbef3ce0da.tar.gz hardened-refpolicy-d15a97c13a82e5a4ba930f2fd5e823bbef3ce0da.tar.bz2 hardened-refpolicy-d15a97c13a82e5a4ba930f2fd5e823bbef3ce0da.zip