mirror of
https://github.com/containers/udica
synced 2024-09-28 11:00:10 +02:00
db10deb2c3
For the log_rw_container it wasn't possible to create new files, which is something that's normally required. So we're adding this capability, while still not allowing that container to rename that directory or remove files from it as a security measure. The audit_log_t file was also modified to be more restrictive for the log_rw_container block, so we only allow reads now. However, the write capability was left for the log_manage_container block. |
||
---|---|---|
.. | ||
base_container.cil | ||
config_container.cil | ||
home_container.cil | ||
log_container.cil | ||
net_container.cil | ||
tmp_container.cil | ||
tty_container.cil | ||
virt_container.cil | ||
x_container.cil |