Merge pull request #612 from jcpunk/local-path-provisioner

container: set default context for local-path-provisioner
SELinuxProject · Apr 28, 2023 · d22e18a · d22e18a
2 parents ad527f9 + f52070b
commit d22e18a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/policy/modules/services/container.fc b/policy/modules/services/container.fc
@@ -32,6 +32,8 @@ HOME_DIR/\.docker(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
 
 /opt/cni(/.*)? gen_context(system_u:object_r:container_plugin_t,s0)
 
+/opt/local-path-provisioner(/.*)? gen_context(system_u:object_r:container_file_t,s0)
+
 /etc/containers(/.*)? gen_context(system_u:object_r:container_config_t,s0)
 /etc/cni(/.*)? gen_context(system_u:object_r:container_config_t,s0)
 /etc/docker(/.*)? gen_context(system_u:object_r:container_config_t,s0)
@@ -100,6 +102,8 @@ HOME_DIR/\.docker(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
 /var/lib/etcd(/.*)? gen_context(system_u:object_r:container_file_t,s0)
 /var/lib/kube-proxy(/.*)? gen_context(system_u:object_r:container_file_t,s0)
 
+/var/local-path-provisioner(/.*)? gen_context(system_u:object_r:container_file_t,s0)
+
 /var/log/containerd(/.*)? gen_context(system_u:object_r:container_log_t,s0)
 /var/log/containers(/.*)? gen_context(system_u:object_r:container_log_t,s0)
 /var/log/crio(/.*)? gen_context(system_u:object_r:container_log_t,s0)