commit: d3f848f176741b7a2df860ec4ffba055e5bcc5e6 Author: Kenton Groombridge <concord <AT> gentoo <DOT> org> AuthorDate: Fri Aug 9 14:35:43 2024 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Sep 21 22:28:29 2024 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d3f848f1
container: allow reading generic certs There are cases where one may want to mount certs on the host into a container. Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/services/container.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te index e9f59e516..8fcd88e1e 100644 --- a/policy/modules/services/container.te +++ b/policy/modules/services/container.te @@ -389,6 +389,7 @@ libs_dontaudit_setattr_lib_files(container_domain) miscfiles_read_localization(container_domain) miscfiles_dontaudit_setattr_fonts_cache_dirs(container_domain) miscfiles_read_fonts(container_domain) +miscfiles_read_generic_certs(container_domain) mta_dontaudit_read_spool_symlinks(container_domain)
