On 2/5/21 3:18 PM, Dominick Grift wrote:
Chris PeBenito <pebenito@xxxxxxxx> writes:
On 2/2/21 10:31 PM, Russell Coker wrote:
Lots of little changes related to systemd.
Signed-off-by: Russell Coker <russell@xxxxxxxxxxxx>
@@ -925,14 +1001,26 @@ allow systemd_nspawn_t systemd_nspawn_tm
# for /run/systemd/nspawn/incoming in chroot
allow systemd_nspawn_t systemd_nspawn_runtime_t:dir mounton;
+kernel_getattr_core_if(systemd_nspawn_t)
+kernel_getattr_proc(systemd_nspawn_t)
+kernel_getattr_unlabeled_dirs(systemd_nspawn_t)
+
kernel_mount_proc(systemd_nspawn_t)
kernel_mounton_sysctl_dirs(systemd_nspawn_t)
kernel_mounton_kernel_sysctl_files(systemd_nspawn_t)
kernel_mounton_message_if(systemd_nspawn_t)
kernel_mounton_proc(systemd_nspawn_t)
+kernel_mounton_sysctl_files(systemd_nspawn_t)
+kernel_mounton_unlabeled_dirs(systemd_nspawn_t)
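Review bot: the two new lines kernel_getattr_unlabeled_dirs(systemd_nspawn_t) and kernel_mounton_unlabeled_dirs(systemd_nspawn_t) grant systemd-nspawn access to unlabeled_t directories, and a denial on unlabeled_t almost always means a path under the container tree is missing a file context rather than that policy is missing a rule; suggest dropping those two lines and instead adding a file context (or a relabel in the nspawn setup) for the directory that produced the denial, and naming that path in the commit message. Relatedly, the hunk now adds a seventh and eighth kernel_mounton_* call for the same domain (kernel_mounton_sysctl_files on top of the existing kernel_mounton_sysctl_dirs / kernel_mounton_kernel_sysctl_files), so it is worth stating in the commit message which denial each new interface call resolves, since "Lots of little changes" does not let a reviewer check that each one is actually needed.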
With all of the mounting, perhaps we should consider coalescing on
allowing it to mount on all init_mountpoint_types.
mounton unlabeled dirs indicates that something is unlabeled/mislabeled
though. Wouldn't allow that.
Yes I agree. I noticed all the mountons but didn't notice this specific one.
--
Chris PeBenito