commit: bd72a9299a732f01958ce28f616be3313eb13536 Author: Kenton Groombridge <me <AT> concord <DOT> sh> AuthorDate: Thu Mar 31 18:22:01 2022 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Apr 9 19:28:30 2022 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd72a929
podman: fix role associations Add conmon to the system role and make podman/conmon user domains user applications. Signed-off-by: Kenton Groombridge <me <AT> concord.sh> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/services/podman.te | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/policy/modules/services/podman.te b/policy/modules/services/podman.te
index 316db505..e5158720 100644
--- a/policy/modules/services/podman.te
+++ b/policy/modules/services/podman.te
@@ -18,15 +18,16 @@ mls_trusted_object(podman_t)
 container_engine_domain_template(podman_user)
 container_user_engine(podman_user_t)
-application_domain(podman_user_t, podman_exec_t)
+userdom_user_application_domain(podman_user_t, podman_exec_t)
 mls_trusted_object(podman_user_t)
 type podman_conmon_t;
 type podman_conmon_exec_t;
 application_domain(podman_conmon_t, podman_conmon_exec_t)
+role system_r types podman_conmon_t;
 type podman_conmon_user_t;
-application_domain(podman_conmon_user_t, podman_conmon_exec_t)
+userdom_user_application_domain(podman_conmon_user_t, podman_conmon_exec_t)
 ########################################
 #
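Review bot: The added `role system_r types podman_conmon_t;` carries no comment saying which transition needs it, and the hunk shows no matching role association for `podman_conmon_user_t` even though the commit title speaks of role associations generally. A one-line comment such as `# conmon is entered from the system podman engine, which runs in system_r` would record the reason; the caller is inferred from the type names, so confirm it before adding. Assuming `userdom_user_application_domain` behaves as in upstream refpolicy, it also marks `podman_user_t` and `podman_conmon_user_t` as UBAC-constrained, which `application_domain` did not do. It is worth confirming that the process and file types these two domains interact with are constrained the same way, and that user roles receive both types through the module's role interface, which lies outside this hunk.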
