mirror of https://passt.top/passt synced 2025-06-07 00:15:34 +02:00
passt/contrib/selinux
Max Chernoff 7aeda16a78 selinux: Transition to pasta_t in containers
Currently, pasta runs in the container_runtime_exec_t context when
running in a container. This is not ideal since it means that pasta runs
with more privileges than strictly necessary. This commit updates the
SELinux policy to have pasta transition to the pasta_t context when
started from the container_runtime_t context, adds the appropriate
labels to $XDG_RUNTIME_DIR/netns and
$XDG_RUNTIME_DIR/containers/networks/rootless-netns, and grants the
necessary permissions to the pasta_t context.

Link: https://bugs.passt.top/show_bug.cgi?id=81
Link: https://github.com/containers/podman/discussions/26100#discussioncomment-13088518
Signed-off-by: Max Chernoff <git@maxchernoff.ca>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-06-04 12:24:01 +02:00
passt-repair.fc Introduce passt-repair 2025-02-04 01:28:04 +01:00
passt-repair.te passt-repair: Add directory watch 2025-03-12 21:34:36 +01:00
passt.fc selinux: Use explicit paths for binaries in file context 2023-08-18 13:18:45 +02:00
passt.if passt: Relicense to GPL 2.0, or any later version 2023-04-06 18:00:33 +02:00
passt.te selinux: Add getattr to class udp_socket 2025-05-02 12:00:51 +02:00
pasta.fc selinux: Transition to pasta_t in containers 2025-06-04 12:24:01 +02:00
pasta.te selinux: Transition to pasta_t in containers 2025-06-04 12:24:01 +02:00