Closed wrabcak closed 6 years ago
When I run a container using X socket and tty:
$ podman run --security-opt label=type:retroshare.process --net host -v /tmp/.X11-unix:/tmp/.X11-unix -v /home/plautrba/.retroshare:/root/.retroshare -i -t retroshare bash -c 'export DISPLAY=:0; retroshare'
I need to allow the following rules:
#============= retroshare.process ==============
allow retroshare.process devtty_t:chr_file { open read write };
allow retroshare.process dri_device_t:chr_file { getattr ioctl read write };
allow retroshare.process proc_t:file { open read };
allow retroshare.process proc_t:lnk_file read;
allow retroshare.process unconfined_dbusd_t:unix_stream_socket connectto;
allow retroshare.process urandom_device_t:chr_file { open read };
allow retroshare.process xserver_t:fd use;
allow retroshare.process xserver_t:unix_stream_socket connectto;

#============= xserver_t ==============
allow xserver_t retroshare.process:dir search;
allow xserver_t retroshare.process:file { open read };
It would be great to have container blocks for these two areas which could be used by udica options, --X-access, --tty-access, or something like that.
Author: @bachradsusi
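As an added illustration (not part of the original issue and not udica's own code), the sketch below parses the rules posted above, sorts them into per-feature groups and renders each rule in CIL form, so it is visible which permissions a dedicated X or tty block would carry and which would remain outside it. The mapping of types to the `x_access` and `tty_access` groups, the group names themselves, and the use of `process` as the in-block type name are assumptions.

```python
import re
from collections import defaultdict

# Rules copied from the issue above (audit2allow output).
RULES = """
allow retroshare.process devtty_t:chr_file { open read write };
allow retroshare.process dri_device_t:chr_file { getattr ioctl read write };
allow retroshare.process proc_t:file { open read };
allow retroshare.process proc_t:lnk_file read;
allow retroshare.process unconfined_dbusd_t:unix_stream_socket connectto;
allow retroshare.process urandom_device_t:chr_file { open read };
allow retroshare.process xserver_t:fd use;
allow retroshare.process xserver_t:unix_stream_socket connectto;
allow xserver_t retroshare.process:dir search;
allow xserver_t retroshare.process:file { open read };
"""

# Assumed grouping of peer types into feature blocks (hypothetical names,
# not taken from udica).
FEATURE_BY_TYPE = {"devtty_t": "tty_access", "xserver_t": "x_access",
                   "dri_device_t": "x_access"}

RULE_RE = re.compile(
    r"allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|([^\s;]+))\s*;")

def parse(text):
    # Return (source, target, class, [perms]) for every allow rule.
    return [(s, t, c, (many or one).split())
            for s, t, c, many, one in RULE_RE.findall(text)]

def group_by_feature(rules, container_type="retroshare.process"):
    # Classify each rule by the type on the other side from the container.
    groups = defaultdict(list)
    for rule in rules:
        peer = rule[1] if rule[0] == container_type else rule[0]
        groups[FEATURE_BY_TYPE.get(peer, "unassigned")].append(rule)
    return dict(groups)

def to_cil(rule, container_type="retroshare.process"):
    # Render one rule as a CIL allow statement; "process" is the assumed
    # name of the container type inside its block.
    src, tgt, cls, perms = rule
    local = lambda t: "process" if t == container_type else t
    return f"(allow {local(src)} {local(tgt)} ({cls} ({' '.join(perms)})))"

if __name__ == "__main__":
    for feature, rules in group_by_feature(parse(RULES)).items():
        print(f"; {feature}")
        print("\n".join("  " + to_cil(r) for r in rules))
```

Rules that land in `unassigned` (here the `proc_t`, `urandom_device_t` and `unconfined_dbusd_t` accesses) are the ones to review individually before deciding whether they belong in any shared block.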