ansible/hacking/tests/selinux/ansible-podman.te
Rick Elrod bd9e31fcb0
Add a custom policy for hackers using ansible-test (#68535)
Signed-off-by: Rick Elrod <rick@elrod.me>
2020-03-28 17:07:29 -05:00

17 lines
463 B
Text

module ansible-podman 1.0;
require {
type container_t;
type cgroup_t;
type fusefs_t;
class dir { add_name create remove_name rmdir write };
class file { create relabelto write };
class bpf map_create;
}
allow container_t cgroup_t:dir { add_name create remove_name rmdir write };
allow container_t cgroup_t:file { create write };
allow container_t fusefs_t:file relabelto;
allow container_t self:bpf map_create;