1 |
commit: 3973d1bd59980dc6e122e2b8b759c03937de9173 |
2 |
Author: Kenton Groombridge <me <AT> concord <DOT> sh> |
3 |
AuthorDate: Fri Jan 21 19:05:31 2022 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jan 30 01:12:42 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3973d1bd |
7 |
|
8 |
container: call docker access in container access |
9 |
|
10 |
Signed-off-by: Kenton Groombridge <me <AT> concord.sh> |
11 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
12 |
|
13 |
policy/modules/services/container.if | 8 ++++++++ |
14 |
1 file changed, 8 insertions(+) |
15 |
|
16 |
diff --git a/policy/modules/services/container.if b/policy/modules/services/container.if |
17 |
index 58e8c470..28699f52 100644 |
18 |
--- a/policy/modules/services/container.if |
19 |
+++ b/policy/modules/services/container.if |
20 |
@@ -284,6 +284,10 @@ template(`container_user_role',` |
21 |
systemd_user_app_status($1, container_user_domain) |
22 |
') |
23 |
|
24 |
+ optional_policy(` |
25 |
+ docker_user_role($1, $2, $3, $4) |
26 |
+ ') |
27 |
+ |
28 |
optional_policy(` |
29 |
podman_user_role($1, $2, $3, $4) |
30 |
') |
31 |
@@ -1323,6 +1327,10 @@ interface(`container_admin',` |
32 |
fs_search_tmpfs($1) |
33 |
admin_pattern($1, container_engine_tmpfs_t) |
34 |
|
35 |
+ optional_policy(` |
36 |
+ docker_admin($1, $2) |
37 |
+ ') |
38 |
+ |
39 |
optional_policy(` |
40 |
podman_admin($1, $2) |
41 |
') |