mirror/udica
1
1
Fork 0
mirror of https://github.com/containers/udica synced 2024-10-17 12:38:12 +02:00
Code Issues

confined: Allow watching mount_var_run_t

Browse Source 
Systems with graphical interface enabled need to watch
/run/mount/utab.event

Related: https://issues.redhat.com/browse/RHEL-23637

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
This commit is contained in:
Vit Mojzis 2024-03-27 13:10:14 +01:00
parent 131d228c6a
commit 2604f497d2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
udica/macros/confined_user_macros.cil
View File

@ -3078,7 +3078,7 @@
(allow utype locale_t (dir (getattr open search)))
(allow utype locale_t (lnk_file (getattr watch)))
(allow utype mount_var_run_t (dir (getattr open search)))
(allow utype mount_var_run_t (file (ioctl read getattr lock open)))
(allow utype mount_var_run_t (file (ioctl read getattr lock open watch)))
(allow utype mount_var_run_t (dir (getattr open search)))
(allow utype mount_var_run_t (dir (ioctl read getattr lock open search watch watch_reads)))
(allow utype var_t (lnk_file (read getattr)))