bd9e31fcb0
Signed-off-by: Rick Elrod <rick@elrod.me>
# SELinux type-enforcement module "ansible-podman", version 1.0.
#
# Every rule below extends the container_t domain. Type-enforcement rules are
# keyed on the type, so once this module is loaded the extra access applies to
# every process running as container_t on the host, not to one container.
# NOTE(review): the module name suggests it was written for Ansible running
# under podman; confirm that no other container_t workloads share the host.
module ansible-podman 1.0;

# Types, classes and permissions that are defined elsewhere in the loaded
# policy and referenced by the allow rules in this module.
require {
    type container_t;
    type cgroup_t;
    type fusefs_t;
    class dir { add_name create remove_name rmdir write };
    class file { create relabelto write };
    class bpf map_create;
}

# Lets container_t create and remove directories, and add or remove entries,
# in directories labelled cgroup_t.
# NOTE(review): container-selinux ships the container_manage_cgroup boolean
# for cgroup management from containers; check whether enabling it covers this
# need before carrying a custom rule.
allow container_t cgroup_t:dir { add_name create remove_name rmdir write };

# Lets container_t create and write files labelled cgroup_t.
allow container_t cgroup_t:file { create write };

# Lets container_t relabel files to fusefs_t. Only relabelto is granted here;
# no other access to fusefs_t files comes from this module.
# NOTE(review): presumably needed for FUSE-backed container storage; confirm.
allow container_t fusefs_t:file relabelto;

# Lets a container_t process create BPF maps (the bpf class, checked against
# the process's own domain).
allow container_t self:bpf map_create;