Dominick Grift <dominick.grift@xxxxxxxxxxx> writes:

> Russell Coker <russell@xxxxxxxxxxxx> writes:
>
>> Would vhost_device_t be the right type for /dev/vhost-vsock?
>>
>> https://wiki.qemu.org/Features/VirtioVsock
>>
>> This seems to be the documentation for it.
>
> This is the "ptrace" equivalent for applications that use user
> namespaces like, I think, firefox and flatpak. This event will surface
> if you do a `ps auxZ` when you have a running instance of an application
> that uses user namespaces.
>
> In the case of firefox you would for example append it below this line:
> https://github.com/SELinuxProject/refpolicy/blob/master/policy/modules/apps/mozilla.if#L40
> like so:
> allow $2 mozilla_t:cap_userns sys_ptrace;

Err, no. It's more like "allow $2 self:cap_userns sys_ptrace;"

--
gpg --locate-keys dominick.grift@xxxxxxxxxxx
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift