Skip to content

Commit

Permalink
Merge pull request #37 from andypitcher/centos7-fix-kubereader
Browse files Browse the repository at this point in the history
Replace kubernetes_file_t with rke_etc_t for centos7
  • Loading branch information
andypitcher authored Dec 4, 2023
2 parents 3447fb6 + 3d2e12a commit 17fe9c1
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions policy/centos7/rancher.te
Original file line number Diff line number Diff line change
Expand Up @@ -9,17 +9,17 @@ gen_require(`
########################
gen_require(`
type container_runtime_t, unconfined_service_t;
type kubernetes_file_t;
type rke_etc_t;
class dir { open read search };
class file { getaddr open read };
class lnk_file { getattr read };
')
container_domain_template(rke_kubereader)
virt_sandbox_domain(rke_kubereader_t)
corenet_unconfined(rke_kubereader_t)
allow rke_kubereader_t kubernetes_file_t:dir { open read search };
allow rke_kubereader_t kubernetes_file_t:file { getattr open read };
allow rke_kubereader_t kubernetes_file_t:lnk_file { getattr read };
allow rke_kubereader_t rke_etc_t:dir { open read search };
allow rke_kubereader_t rke_etc_t:file { getattr open read };
allow rke_kubereader_t rke_etc_t:lnk_file { getattr read };

########################
# type rke_logreader_t #
Expand Down

0 comments on commit 17fe9c1

Please sign in to comment.