commit:     08e6022ae0fe8d137a6946961c87ef9ef5208465
Author:     Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Wed Feb  2 11:34:02 2022 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb  7 02:09:50 2022 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=08e6022a

container: On Debian, runc is installed in /usr/sbin

Signed-off-by: Laurent Bigonville <bigon <AT> bigon.be>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/services/container.fc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/services/container.fc 
b/policy/modules/services/container.fc
index ef5ad3b6..63f1537d 100644
--- a/policy/modules/services/container.fc
+++ b/policy/modules/services/container.fc
@@ -24,6 +24,8 @@ HOME_DIR/\.local/share/docker/volumes(/.*)?           
gen_context(system_u:object_r:conta
 /usr/lib/systemd/system/docker.*       --      
gen_context(system_u:object_r:container_unit_t,s0)
 /usr/lib/systemd/system/containerd.*   --      
gen_context(system_u:object_r:container_unit_t,s0)
 
+/usr/sbin/runc --      
gen_context(system_u:object_r:container_engine_exec_t,s0)
+
 /etc/containers(/.*)?          
gen_context(system_u:object_r:container_config_t,s0)
 /etc/cni(/.*)?         gen_context(system_u:object_r:container_config_t,s0)
 /etc/docker(/.*)?              
gen_context(system_u:object_r:container_config_t,s0)
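
Review bot: the new `/usr/sbin/runc` entry sits between the systemd unit entries (`container_unit_t`) and the `/etc` entries (`container_config_t`), with no comment saying why a second runc location is labelled. The commit message gives the reason (Debian installs runc in /usr/sbin), but the file itself does not, so a one-line comment above the entry would help later audits of which paths receive `container_engine_exec_t`. Grouping it with the file's other executable entries, if there are any outside this hunk, would also keep the entrypoint labels in one place. The `--` specifier limits the match to regular files, which is the right choice for an entrypoint label; it is worth confirming with `matchpathcon /usr/sbin/runc` on a Debian system that the path resolves to this type and is not shadowed by a broader `/usr/sbin` pattern.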
