author Chris PeBenito <Christopher.PeBenito@microsoft.com> 2022-05-23 15:23:27 +0000
committer Jason Zaman <perfinion@gentoo.org> 2022-09-03 11:41:55 -0700
commit 29f587850e2b7daede9940359bf7b7ed852136a6
tree 2b97480a88f9b07a5176fe595fb35347382ff3dc
parent container: Allow container engines to connect to http cache ports.
container: Getattr generic device nodes.
There should be no device_t device nodes, but add access in case they exist. Saw containerd fail to start containers if it couldn't stat() all devices.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- policy/modules/services/container.te 2
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te
index 8043ed0c..a3cccdfb 100644
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@@ -422,6 +422,8 @@ corenet_rw_tun_tap_dev(container_engine_domain)
dev_getattr_all_blk_files(container_engine_domain)
dev_getattr_all_chr_files(container_engine_domain)
+dev_getattr_generic_blk_files(container_engine_domain)
+dev_getattr_generic_chr_files(container_engine_domain)
dev_setattr_null_dev(container_engine_domain)
dev_getattr_fs(container_engine_domain)
dev_remount_fs(container_engine_domain)
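Review bot: the two added lines, dev_getattr_generic_blk_files(container_engine_domain) and dev_getattr_generic_chr_files(container_engine_domain), have no comment in container.te, so the reason for them exists only in the commit message. Since that message says device_t nodes should not exist at all, a short comment above the pair would help, for example "# device_t nodes should not exist; getattr only, so the engine can stat() every device". That keeps a later reader from dropping the rules as redundant next to dev_getattr_all_blk_files and dev_getattr_all_chr_files, or from widening them beyond getattr. The comment could also record that once this access is allowed, a stat() on a mislabeled node no longer shows up as a denial for container_engine_domain, so labeling problems in /dev need to be caught some other way.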