This repository has been archived by the owner on May 30, 2023. It is now read-only.

sec-policy/selinux-virt: allow flannel to write into /run
flannel will write into /run/flannel/... so we need to provide
correct labelling for dir created by docker daemon

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Mathieu Tortuyaux committed Aug 11, 2021
1 parent c0dc45d commit 56d2acd
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions sec-policy/selinux-virt/files/virt.patch
@@ -1,7 +1,7 @@
index 4943ad79d..c89bb5c0c 100644
index 4943ad79d..8b0ed779e 100644
--- services/virt.te
+++ services/virt.te
@@ -1377,3 +1377,38 @@ sysnet_dns_name_resolve(virtlogd_t)
@@ -1377,3 +1377,41 @@ sysnet_dns_name_resolve(virtlogd_t)

virt_manage_log(virtlogd_t)
virt_read_config(virtlogd_t)
@@ -40,3 +40,6 @@ index 4943ad79d..c89bb5c0c 100644
+
+# this is required by flanneld
+allow svirt_lxc_net_t kernel_t:system { module_request };
+
+# required by flanneld to write into /run/flannel/subnet.env
+filetrans_pattern(kernel_t, var_run_t, svirt_lxc_file_t, dir, "flannel");
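
Review bot: on the added `filetrans_pattern(kernel_t, var_run_t, svirt_lxc_file_t, dir, "flannel");` line, the source domain is kernel_t, while the comment above it attributes the write to flanneld and the commit message says the directory is created by the docker daemon. Please state in the comment why kernel_t is the creating domain, or scope the rule to the daemon's own domain if it has one. As written, any kernel_t process that creates a directory named "flannel" inside a var_run_t directory gets svirt_lxc_file_t, and because a named type transition only applies at creation time, a /run/flannel that already exists with another label is not covered; a file-context entry for the path would handle relabelling. Minor style point: the macro calls in the context lines, such as `virt_manage_log(virtlogd_t)`, carry no trailing semicolon, so the `;` after `filetrans_pattern(...)` can be dropped for consistency.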
