mirror/ udica
1
1
Fork 0
mirror of https://github.com/containers/udica synced 2024-05-11 23:46:11 +02:00
Code Issues

confined: allow asynchronous I/O operations 

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
This commit is contained in:
Vit Mojzis 2024-03-04 12:59:53 +01:00
parent f411c14698
commit 131d228c6a
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
udica/macros/confined_user_macros.cil
View File

@ -4012,6 +4012,13 @@
(allow remote_login_t utype (process (signal transition)))
(allow utype self (bpf (prog_load)))
)
; asynchronous I/O operations RHEL 10
(optional confinedom_user_login_optional_4
(typeattributeset cil_gen_require io_uring_t)
(allow utype self (io_uring (sqpoll)))
(allow utype io_uring_t (anon_inode (create)))
(allow utype io_uring_t (anon_inode (read write getattr map)))
)
)
(macro confined_ssh_connect_macro ((type utype) (role urole) (type ssh_agent_type))