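--- a/container-selinux-2.240.0/container.if
+++ b/container-selinux-2.240.0/container.if
@@ -19,6 +19,7 @@ interface(`container_runtime_domtrans',`
 corecmd_search_bin($1)
 domtrans_pattern($1, container_runtime_exec_t, container_runtime_t)
 allow container_runtime_t $1:fifo_file setattr;
+ allow $1 container_runtime_t:bpf prog_run;
 ')
 
 ########################################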
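Review bot: The added `allow $1 container_runtime_t:bpf prog_run;` sits inside `container_runtime_domtrans`, so every domain that calls this interface to transition into the runtime now also gets to run BPF programs owned by `container_runtime_t`, whether or not it needs that. If only a few callers need it, a dedicated interface holding just this rule would keep the grant least-privilege and make it visible in audits of the callers. If the broad grant is intended, put a why-comment above the rule, for example `# callers must be able to run BPF programs loaded by the container runtime`, and mention the permission in the interface's summary. The interface header and its `gen_require` block start outside this hunk, so whether the summary already covers this cannot be checked from here.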
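--- a/container-selinux-2.240.0/container.te
+++ b/container-selinux-2.240.0/container.te
@@ -744,7 +744,7 @@ optional_policy(`
 allow unconfined_domain_type { container_var_lib_t container_ro_file_t }:file entrypoint;
 fs_fusefs_entrypoint(unconfined_domain_type)
 
- domtrans_pattern(unconfined_domain_type, container_runtime_exec_t , container_runtime_t)
+ container_runtime_domtrans(unconfined_domain_type)
 ')
 
 optional_policy(`
@@ -1335,6 +1335,7 @@ container_manage_share_files(init_t)
 container_manage_share_dirs(init_t)
 container_filetrans_named_content(init_t)
 container_runtime_read_tmpfs_files(init_t)
+allow init_t container_runtime_t:bpf prog_run;
 
 gen_require(`
 attribute device_node;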
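Review bot: In the hunk at line 744, replacing `domtrans_pattern(...)` with `container_runtime_domtrans(unconfined_domain_type)` is not a pure refactor. As the interface body in container.if shows, the call also adds `corecmd_search_bin`, `allow container_runtime_t unconfined_domain_type:fifo_file setattr;` and the new `bpf prog_run` rule for `unconfined_domain_type`. If only the BPF permission is wanted here, keeping the original `domtrans_pattern` line and adding `allow unconfined_domain_type container_runtime_t:bpf prog_run;` would limit the change to that one grant. Otherwise a comment such as `# also grants fifo_file setattr and bpf prog_run via the interface` would make the extra access explicit. The direct `allow init_t container_runtime_t:bpf prog_run;` in the hunk at line 1335 would likewise benefit from a one-line comment saying why init needs it. The enclosing `optional_policy` block starts outside the hunk.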