[container] Add interface to remount devpts filesystem
Signed-off-by: Mykola Solianko <[email protected]>
Mykola Solianko authored and al1img committed Jul 25, 2024
1 parent 0351874 commit d846024
Showing 2 changed files with 20 additions and 0 deletions.
18 changes: 18 additions & 0 deletions policy/modules/kernel/terminal.if
Expand Up @@ -148,6 +148,24 @@ interface(`term_mount_devpts',`
allow $1 devpts_t:filesystem mount;
')

########################################
## <summary>
## remount a devpts_t filesystem
## </summary>
## <param name="domain">
## <summary>
## The type of the process to remount it
## </summary>
## </param>
#
interface(`term_remount_devpts',`
gen_require(`
type devpts_t;
')

allow $1 devpts_t:filesystem remount;
')

########################################
## <summary>
## Create directory /dev/pts.
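Review bot: the doc block for term_remount_devpts does not follow the neighbouring interface's style. The summary "remount a devpts_t filesystem" is lowercase with no full stop, while the next interface reads "Create directory /dev/pts.", and the parameter text "The type of the process to remount it" leaves "it" undefined. Suggest "Remount a devpts_t filesystem." and a parameter summary that names what is granted, for example "Domain allowed to remount devpts filesystems." The rule itself grants only remount on devpts_t:filesystem, parallel to the mount rule in term_mount_devpts above, so the scope looks right.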
2 changes: 2 additions & 0 deletions policy/modules/services/container.te
Expand Up @@ -751,6 +751,8 @@ kernel_read_vm_overcommit_sysctl(container_engine_t)

kernel_search_vm_sysctl(container_engine_t)

term_remount_devpts(container_engine_t)

ifdef(`init_systemd',`
# needed by runc, which is also invoked by other engines
init_run_bpf(container_engine_domain)
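Review bot: term_remount_devpts(container_engine_t) is added with no comment saying which engine operation remounts devpts, and the commit message gives no rationale either. A one-line comment above the call, like the "# needed by runc" one just below, would let a later policy audit judge whether the permission is still required. Please also confirm the target: this call is on container_engine_t, while the runc-related rule below uses container_engine_domain because runc "is also invoked by other engines"; if the remount is performed by runc, the same reasoning would apply here.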
