Merge pull request #243 from rhatdan/map

Allow containers which use devices to map them
containers · May 14, 2023 · c1c72fc · c1c72fc
2 parents eca999a + 8dc0977
commit c1c72fc
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/container.te b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.212.0)
+policy_module(container, 2.213.0)
 
 gen_require(`
 	class passwd rootok;
@@ -1327,8 +1327,8 @@ optional_policy(`
 ')
 
 tunable_policy(`container_use_devices',`
-	allow container_domain device_node:chr_file rw_chr_file_perms;
-	allow container_domain device_node:blk_file rw_blk_file_perms;
+	allow container_domain device_node:chr_file {rw_chr_file_perms map};
+	allow container_domain device_node:blk_file {rw_blk_file_perms map};
 ')
 
 tunable_policy(`virt_sandbox_use_sys_admin',`