commit: 19a28130109650c10a226b67121d6697c2d53907
Author: Kenton Groombridge <concord <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 9 19:45:47 2024 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Sep 21 22:28:29 2024 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=19a28130
testing: add container_kvm_t to net admin exempt list
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
testing/sechecker.ini | 1 +
1 file changed, 1 insertion(+)
diff --git a/testing/sechecker.ini b/testing/sechecker.ini
index b873b94ec..f5f85ce3e 100644
--- a/testing/sechecker.ini
+++ b/testing/sechecker.ini
@@ -241,6 +241,7 @@ exempt_source = arpwatch_t
chronyd_t # Conditional access (chronyd_hwtimestamp)
condor_startd_t
container_engine_t
+ container_kvm_t # Modify interfaces and routes for VM
networking
container_t # Conditional access
(container_use_host_all_caps)
crio_t
ctdbd_t
