Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
Date: Sun, 30 Jan 2022 01:22:55
Message-Id: 1643505162.3973d1bd59980dc6e122e2b8b759c03937de9173.perfinion@gentoo
1 commit: 3973d1bd59980dc6e122e2b8b759c03937de9173
2 Author: Kenton Groombridge <me <AT> concord <DOT> sh>
3 AuthorDate: Fri Jan 21 19:05:31 2022 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Jan 30 01:12:42 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3973d1bd
7
8 container: call docker access in container access
9
10 Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
11 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
12
13 policy/modules/services/container.if | 8 ++++++++
14 1 file changed, 8 insertions(+)
15
16 diff --git a/policy/modules/services/container.if b/policy/modules/services/container.if
17 index 58e8c470..28699f52 100644
18 --- a/policy/modules/services/container.if
19 +++ b/policy/modules/services/container.if
20 @@ -284,6 +284,10 @@ template(`container_user_role',`
21 systemd_user_app_status($1, container_user_domain)
22 ')
23
24 + optional_policy(`
25 + docker_user_role($1, $2, $3, $4)
26 + ')
27 +
28 optional_policy(`
29 podman_user_role($1, $2, $3, $4)
30 ')
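Review bot: The new optional_policy block in container_user_role calls docker_user_role($1, $2, $3, $4) for every caller of the template whenever the docker module is built, and neither the commit message nor the hunk says that all container user roles are meant to receive it. I would note in the template's documentation comment that it now pulls in the docker user role alongside the podman one. Since the definition of docker_user_role is not part of this diff, please also confirm that it takes the same four arguments in the same order as podman_user_role.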
31 @@ -1323,6 +1327,10 @@ interface(`container_admin',`
32 fs_search_tmpfs($1)
33 admin_pattern($1, container_engine_tmpfs_t)
34
35 + optional_policy(`
36 + docker_admin($1, $2)
37 + ')
38 +
39 optional_policy(`
40 podman_admin($1, $2)
41 ')
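Review bot: In container_admin, docker_admin($1, $2) is gated only on the docker module being present, so any domain that was granted container_admin now administers docker as well, with no way for a caller to opt out. If that coupling is intended, the interface documentation and the commit message (currently just "call docker access in container access") should say so. If it is not, leave docker_admin for callers to invoke directly. As in the first hunk, the two-argument call mirrors podman_admin($1, $2), and the docker_admin signature is not visible here to check against.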