1 |
commit: 95d8a0674bc68569a236d0ee1fee0962829e360b |
2 |
Author: Kenton Groombridge <me <AT> concord <DOT> sh> |
3 |
AuthorDate: Fri Jan 21 19:05:06 2022 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jan 30 01:12:42 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=95d8a067 |
7 |
|
8 |
container: call podman access in container access |
9 |
|
10 |
Signed-off-by: Kenton Groombridge <me <AT> concord.sh> |
11 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
12 |
|
13 |
policy/modules/services/container.if | 8 ++++++++ |
14 |
1 file changed, 8 insertions(+) |
15 |
|
16 |
diff --git a/policy/modules/services/container.if b/policy/modules/services/container.if |
17 |
index 3a229ead..d7ad3e84 100644 |
18 |
--- a/policy/modules/services/container.if |
19 |
+++ b/policy/modules/services/container.if |
20 |
@@ -283,6 +283,10 @@ template(`container_user_role',` |
21 |
|
22 |
systemd_user_app_status($1, container_user_domain) |
23 |
') |
24 |
+ |
25 |
+ optional_policy(` |
26 |
+ podman_user_role($1, $2, $3, $4) |
27 |
+ ') |
28 |
') |
29 |
|
30 |
######################################## |
31 |
@@ -797,4 +801,8 @@ interface(`container_admin',` |
32 |
|
33 |
fs_search_tmpfs($1) |
34 |
admin_pattern($1, container_engine_tmpfs_t) |
35 |
+ |
36 |
+ optional_policy(` |
37 |
+ podman_admin($1, $2) |
38 |
+ ') |
39 |
') |