Skip to content

Commit

Permalink
[lvm] Allow cgroup serach dir
Browse files Browse the repository at this point in the history 
Signed-off-by: Mykola Solianko <[email protected]>
  • Loading branch information
Mykola Solianko committed Aug 16, 2024
1 parent f278d77 commit 865f891
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 0 deletions.
18 changes: 18 additions & 0 deletions policy/modules/kernel/filesystem.if
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1170,6 +1170,24 @@ interface(`fs_watch_cgroup_dirs', `
allow $1 cgroup_t:dir watch;
')

########################################
## <summary>
## Search cgroup directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_search_cgroup_dirs', `
gen_require(`
type cgroup_t;
')

allow $1 cgroup_t:dir search;
')

########################################
## <summary>
## Mount on cgroup directories.
Expand Down
1 change: 1 addition & 0 deletions policy/modules/system/lvm.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,7 @@ manage_aos_sem(lvm_t)

files_allow_manage_var_files(lvm_t)
files_manage_var_dirs(lvm_t)
fs_search_cgroup_dirs(lvm_t)

miscfiles_manage_generic_cert_dirs(lvm_t)
fs_manage_bpf_dirs(lvm_t)
Expand Down

0 comments on commit 865f891

Please sign in to comment.