Merge pull request #535 from rhatdan/selinux
Allow qm_t ipc_lock capability
rhatdan authored Sep 3, 2024
2 parents dbc6c64 + dbe7d25 commit 64fc09a
Showing 1 changed file with 1 addition and 1 deletion.
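--- a/qm.if
+++ b/qm.if
@@ -146,7 +146,7 @@ template(`qm_domain_template',`
 allow $1_t self:user_namespace all_user_namespace_perms;
 allow $1_t self:bpf { map_create map_read map_write prog_load prog_run };
 allow $1_t self:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid kill net_bind_service net_admin net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace sys_resource };
-allow $1_t self:capability { audit_write chown dac_override dac_read_search fowner fsetid kill net_bind_service net_admin net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_ptrace sys_resource sys_tty_config };
+allow $1_t self:capability { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock kill net_bind_service net_admin net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_ptrace sys_resource sys_tty_config };
 allow $1_t self:capability2 { audit_read bpf perfmon};
 
 allow $1_t self:packet_socket create_socket_perms;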
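Review bot: The added `ipc_lock` is granted only in the `self:capability` rule, while the `self:cap_userns` rule directly above it still lacks it, so a process that locks memory from inside a non-initial user namespace would presumably still be denied. If the workload behind this change runs in a user namespace, `ipc_lock` likely belongs in the `cap_userns` set as well. Because the rule sits in `qm_domain_template`, every domain instantiated from the template gains the ability to lock memory beyond RLIMIT_MEMLOCK, which is worth weighing for a partition that is supposed to be resource-contained. A short comment above the rule recording why it is needed, e.g. `# ipc_lock: required by <workload> for mlock(); see <issue reference>`, would help later policy audits. The template body starts and ends outside the hunk.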
