Skip to content

Commit

Permalink
selinux: align 4.13 policy
Browse files Browse the repository at this point in the history
the 4.13 policy used to be the odd one, but since
the platform fixed it previous quirks, time to align
also our custom policy.

Signed-off-by: Francesco Romani <[email protected]>
  • Loading branch information
ffromani committed Feb 14, 2024
1 parent 149ef9d commit 8a48332
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions pkg/assets/selinux/policy/ocp_v4.13.cil
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,5 @@
;
; Allow to RTE pod connect, read and write permissions to /var/lib/kubelet/pod-resource/kubelet.sock
(allow process container_var_lib_t (sock_file (open getattr read write ioctl lock append)))
(allow process container_var_lib_t (unix_stream_socket (connectto)))
(allow process unconfined_service_t (unix_stream_socket (connectto)))
(allow process kubelet_t (unix_stream_socket (connectto)))
)

0 comments on commit 8a48332

Please sign in to comment.