
Commit

Add labels for /var/lib/shared
We have been talking about this directory for years for
shared storage of container images, so setting the
SELinux labels for it.

Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan committed May 10, 2023
1 parent e235f7d commit 5dbe436
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions container.fc
Expand Up @@ -59,6 +59,7 @@
/etc/crio(/.*)? gen_context(system_u:object_r:container_config_t,s0)
/exports(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)

/var/lib/shared(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/registry(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/lxc(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/lxd(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
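Review bot: the added `/var/lib/shared(/.*)?` line needs a comment saying what owns this path. Unlike the neighbouring `/var/lib/registry`, `/var/lib/lxc` and `/var/lib/lxd` entries, the name does not identify a container tool, and it is the only one of these `/var/lib` entries labelled `container_ro_file_t` instead of `container_var_lib_t`. A one-line comment above it stating that this is the shared container image store, and that the read-only type is intended for the whole subtree, would make that choice reviewable. It is also worth noting for packaging that an already-populated `/var/lib/shared` keeps its old labels until it is relabelled, for example with `restorecon -R /var/lib/shared`.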
1 change: 1 addition & 0 deletions container.if
Expand Up @@ -522,6 +522,7 @@ interface(`container_filetrans_named_content',`
files_var_lib_filetrans($1, container_ro_file_t, dir, "kata-containers")
files_var_lib_filetrans($1, container_var_lib_t, dir, "containerd")
files_var_lib_filetrans($1, container_var_lib_t, dir, "buildkit")
files_var_lib_filetrans($1, container_ro_file_t, dir, "shared")

filetrans_pattern($1, container_var_lib_t, container_file_t, dir, "_data")
filetrans_pattern($1, container_var_lib_t, container_ro_file_t, file, "config.env")
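Review bot: the `"shared"` name in the added `files_var_lib_filetrans` line is far more generic than the `"kata-containers"`, `"containerd"` and `"buildkit"` names above it, so any directory called `shared` that a caller of `container_filetrans_named_content` creates directly under `/var/lib` will come up as `container_ro_file_t`, whether or not it is meant to hold container images. Please confirm that is acceptable for every domain that uses this interface, or state the intent in a comment. As a style point, the line would sit better next to the existing `container_ro_file_t` transition for `"kata-containers"` than after the `container_var_lib_t` group.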