Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules
diff options
context:
space:
mode:
authorKenton Groombridge <concord@gentoo.org>2024-06-27 10:22:39 -0400
committerJason Zaman <perfinion@gentoo.org>2024-09-21 15:28:29 -0700
commit2fda3dda1e782bd6f877d3ae2d5f6913a198b0b5 (patch)
treee073ea6bb04d89fb72a03721a3fb86ef5667eed2 /policy/modules
parentsysadm: make haproxy admin (diff)
downloadhardened-refpolicy-2fda3dda1e782bd6f877d3ae2d5f6913a198b0b5.tar.gz
hardened-refpolicy-2fda3dda1e782bd6f877d3ae2d5f6913a198b0b5.tar.bz2
hardened-refpolicy-2fda3dda1e782bd6f877d3ae2d5f6913a198b0b5.zip
container: allow containers to execute tmpfs files
Signed-off-by: Kenton Groombridge <concord@gentoo.org> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy/modules')
-rw-r--r--policy/modules/services/container.te1
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te
index 98368d5c8..864fae707 100644
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@@ -317,6 +317,7 @@ allow container_domain container_ro_file_t:sock_file read_sock_file_perms;
fs_tmpfs_filetrans(container_domain, container_tmpfs_t, { dir file fifo_file lnk_file sock_file })
manage_dirs_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
mmap_manage_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
+mmap_exec_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
manage_fifo_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
manage_lnk_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
manage_sock_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)