confined: allow asynchronous I/O operations

Signed-off-by: Vit Mojzis <[email protected]>
containers · Mar 4, 2024 · 131d228 · 131d228
1 parent f411c14
commit 131d228
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/udica/macros/confined_user_macros.cil b/udica/macros/confined_user_macros.cil
@@ -4012,6 +4012,13 @@
       (allow remote_login_t utype (process (signal transition)))
       (allow utype self (bpf (prog_load)))
     )
+    ; asynchronous I/O operations RHEL 10
+    (optional  confinedom_user_login_optional_4
+      (typeattributeset cil_gen_require io_uring_t)
+      (allow utype self (io_uring (sqpoll)))
+      (allow utype io_uring_t (anon_inode (create)))
+      (allow utype io_uring_t (anon_inode (read write getattr map)))
+    )
 )
 
 (macro confined_ssh_connect_macro ((type utype) (role urole) (type ssh_agent_type))