[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/

Jason Zaman Tue, 15 Jul 2025 01:06:16 -0700

commit:     11dc504ffe8283bb44dc20b0060aa2990a676a6e
Author:     Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 24 16:37:40 2025 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Jul 15 08:04:55 2025 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=11dc504f


dnsmasq: allow to be run by incus

Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/services/dnsmasq.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/policy/modules/services/dnsmasq.te 
b/policy/modules/services/dnsmasq.te
index 2e492954d..270f2a21a 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -102,6 +102,13 @@ optional_policy(`
        cobbler_read_lib_files(dnsmasq_t)
 ')
 
+optional_policy(`
+       incus_stream_connect_daemon(dnsmasq_t)
+       container_manage_var_lib_files(dnsmasq_t)
+       container_manage_log_files(dnsmasq_t)
+       container_search_var_lib(dnsmasq_t)
+')
+
 optional_policy(`
        dbus_connect_system_bus(dnsmasq_t)
        dbus_system_bus_client(dnsmasq_t)

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/

Reply via email to