various: various fixes

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
author: Kenton Groombridge <concord@gentoo.org> 2024-05-06 17:46:06 -0400
committer: Kenton Groombridge <concord@gentoo.org> 2024-05-14 13:41:54 -0400
commit: 5a4608dfd87f63d1c61c5105f52dd70af5217bd0 (patch)
tree: 531f9755a05bb395f0f7035beb98b9d2eeb44e8e /policy/modules/services
parent: container, crio, kubernetes: minor fixes (diff)
download: hardened-refpolicy-5a4608dfd87f63d1c61c5105f52dd70af5217bd0.tar.gz
hardened-refpolicy-5a4608dfd87f63d1c61c5105f52dd70af5217bd0.tar.bz2
hardened-refpolicy-5a4608dfd87f63d1c61c5105f52dd70af5217bd0.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/services/kubernetes.te b/policy/modules/services/kubernetes.te
index 3ba666299..839635026 100644
--- a/policy/modules/services/kubernetes.te
+++ b/policy/modules/services/kubernetes.te
@@ -618,6 +618,8 @@ userdom_use_user_terminals(kubectl_domain)
 # kubectl local policy
 #
 
+dontaudit kubectl_t self:capability { sys_admin sys_resource };
+
 kernel_dontaudit_getattr_proc(kubectl_t)
 
 auth_use_nsswitch(kubectl_t)
author	Kenton Groombridge <concord@gentoo.org>	2024-05-06 17:46:06 -0400
committer	Kenton Groombridge <concord@gentoo.org>	2024-05-14 13:41:54 -0400
commit	5a4608dfd87f63d1c61c5105f52dd70af5217bd0 (patch)
tree	531f9755a05bb395f0f7035beb98b9d2eeb44e8e /policy/modules/services
parent	container, crio, kubernetes: minor fixes (diff)
download	hardened-refpolicy-5a4608dfd87f63d1c61c5105f52dd70af5217bd0.tar.gz hardened-refpolicy-5a4608dfd87f63d1c61c5105f52dd70af5217bd0.tar.bz2 hardened-refpolicy-5a4608dfd87f63d1c61c5105f52dd70af5217bd0.zip