commit: 87862dc56b934bf6ffc76a8a4864bb919cd7542c
Author: Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Wed Mar 8 18:19:36 2023 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 31 17:11:32 2023 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=87862dc5
kubernetes: allow kubelet to read etc runtime files To read /etc/machine-id. Signed-off-by: Kenton Groombridge <me <AT> concord.sh> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/services/kubernetes.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/services/kubernetes.te b/policy/modules/services/kubernetes.te index b89ffb1bc..e9d8fcdd2 100644 --- a/policy/modules/services/kubernetes.te +++ b/policy/modules/services/kubernetes.te @@ -240,6 +240,8 @@ files_search_mnt(kubelet_t) files_read_kernel_symbol_table(kubelet_t) # read /usr/share/mime/globs2 files_read_usr_files(kubelet_t) +# read /etc/machine-id +files_read_etc_runtime_files(kubelet_t) fs_getattr_tmpfs(kubelet_t) fs_search_tmpfs(kubelet_t)
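Review bot: The added `files_read_etc_runtime_files(kubelet_t)` line, placed after `files_read_usr_files(kubelet_t)`, grants kubelet_t read access to etc runtime files as a category, while both the commit message and the new comment give a single file, /etc/machine-id, as the reason. Consider extending the comment to say that the interface covers more than that one file, or stating in the commit message why the broader grant is acceptable for kubelet_t, so that a later audit of this domain's read access does not have to rediscover the reasoning.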
