Commit 76fd546
selinux: Allow pasta to create and use its control socket when started by Podman

If Podman starts us, we need to be able to create and use a UNIX
domain socket file under ifconfig_var_run_t or container_var_run_t:
add the related permissions.

The failure reported by Jan would have been fixed by a simple:

  allow pasta_t ifconfig_var_run_t:sock_file create;

but we'll need more than that for actual operation with pesto(1),
and to cover all possible cases.

Reported-by: Jan Rodák <jrodak@redhat.com>
Link: podman-container-tools/podman#28478
Fixes: 5335770 ("selinux: Add file context and type enforcement for pesto")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

1 parent cea2d19 commit 76fd546
1 file changed
Lines changed: 2 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
253 | 253 | | |
254 | 254 | | |
255 | 255 | | |
| 256 | + | |
| 257 | + | |
256 | 258 | | |
257 | 259 | | |
258 | 260 | | |
| |||