aboutgitcodebugslistschat
path: root/contrib/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/selinux')
-rw-r--r--contrib/selinux/pasta.te4
1 files changed, 3 insertions, 1 deletions
diff --git a/contrib/selinux/pasta.te b/contrib/selinux/pasta.te
index 3eb58f6..fb51416 100644
--- a/contrib/selinux/pasta.te
+++ b/contrib/selinux/pasta.te
@@ -149,7 +149,7 @@ allow pasta_t root_t:dir mounton;
manage_files_pattern(pasta_t, pasta_pid_t, pasta_pid_t)
files_pid_filetrans(pasta_t, pasta_pid_t, file)
-allow pasta_t user_tmp_t:dir { add_name read remove_name search watch write };
+allow pasta_t user_tmp_t:dir { add_name open read remove_name search watch write };
allow pasta_t user_tmp_t:fifo_file append;
allow pasta_t user_tmp_t:file { create open write };
allow pasta_t user_tmp_t:sock_file { create unlink };
@@ -249,7 +249,9 @@ type_transition container_runtime_t user_tmp_t : dir ifconfig_var_run_t "netns";
type_transition container_runtime_t container_var_run_t : dir ifconfig_var_run_t "netns";
type_transition container_runtime_t user_tmp_t : dir ifconfig_var_run_t "rootless-netns";
type_transition container_runtime_t container_var_run_t : dir ifconfig_var_run_t "rootless-netns";
+allow pasta_t container_var_run_t:dir { add_name open rmdir write };
allow pasta_t ifconfig_var_run_t:dir { add_name open rmdir write };
+allow pasta_t container_var_run_t:file { create open write };
allow pasta_t ifconfig_var_run_t:file { create open write };
allow systemd_user_runtimedir_t ifconfig_var_run_t:dir rmdir;
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-18 06:35:26 +0000