Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
Date: Sun, 30 Jan 2022 01:22:52
Message-Id: 1643505162.95d8a0674bc68569a236d0ee1fee0962829e360b.perfinion@gentoo
1 commit: 95d8a0674bc68569a236d0ee1fee0962829e360b
2 Author: Kenton Groombridge <me <AT> concord <DOT> sh>
3 AuthorDate: Fri Jan 21 19:05:06 2022 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Jan 30 01:12:42 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=95d8a067
7
8 container: call podman access in container access
9
10 Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
11 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
12
13 policy/modules/services/container.if | 8 ++++++++
14 1 file changed, 8 insertions(+)
15
16 diff --git a/policy/modules/services/container.if b/policy/modules/services/container.if
17 index 3a229ead..d7ad3e84 100644
18 --- a/policy/modules/services/container.if
19 +++ b/policy/modules/services/container.if
20 @@ -283,6 +283,10 @@ template(`container_user_role',`
21
22 systemd_user_app_status($1, container_user_domain)
23 ')
24 +
25 + optional_policy(`
26 + podman_user_role($1, $2, $3, $4)
27 + ')
28 ')
29
30 ########################################
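Review bot: the added podman_user_role($1, $2, $3, $4) call at the end of container_user_role forwards four template arguments, while the only parameter use visible in this hunk is $1 in systemd_user_app_status($1, container_user_domain). Please confirm that container_user_role documents four parameters and that they are in the order podman_user_role expects, since the macro expansion itself will not catch a mismatch. With this block in place, every role given generic container access also gains podman access whenever the podman module is present, and the commit message gives no rationale. A sentence there and in the template's summary comment stating that the grant is intentional would help anyone auditing a role against least privilege.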
31 @@ -797,4 +801,8 @@ interface(`container_admin',`
32
33 fs_search_tmpfs($1)
34 admin_pattern($1, container_engine_tmpfs_t)
35 +
36 + optional_policy(`
37 + podman_admin($1, $2)
38 + ')
39 ')
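Review bot: podman_admin($1, $2) at the end of container_admin passes a second argument, but the surrounding context lines, fs_search_tmpfs($1) and admin_pattern($1, container_engine_tmpfs_t), only ever use $1. Please check that container_admin declares and documents a second parameter and that existing callers pass it, otherwise $2 expands to nothing inside the podman call. Since this widens an admin interface, the interface's summary comment should also mention that it now grants podman administration when that module is loaded, so the extra privilege is visible to whoever assigns container_admin to a domain.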