containers / udica

This repository contains a tool for generating SELinux security profiles for containers
GNU General Public License v3.0

Add policy generation for fifo_files #85

Closed PatrickLaneville closed 3 years ago

PatrickLaneville commented 3 years ago

Is your feature request related to a problem? Please describe.

When using udica to generate SELinux policies I am unable to get access to the fifo_files in my container mounts.

Describe the solution you'd like

I would like the policy generated by udica to include the same access to fifo_files as it does sock_files within the mount points of my containers.

Describe alternatives you've considered

Modify the CIL policy by hand before loading the module. Have a flag in udica for the different object classes that I want to be able to access within the mounts of my container.

Additional context

Containers can currently manage FIFOs with the following type labels: container_file_t

https://github.com/containers/container-selinux/blob/d89a599e3d3c362ec178600ed04c72f337c10d28/container.te#L796
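The "modify the CIL policy by hand" alternative from the request above, scripted as an added example (not part of the original issue and not udica's own code): each `sock_file` allow rule gets a `fifo_file` twin with the same permissions. The one-rule-per-line layout, the function name `add_fifo_rules` and the sample policy are assumptions constructed for illustration.

```python
import re

# Assumed rule shape, one rule per line, e.g.:
#   (allow process var_run_t ( sock_file ( getattr read write append open )))
SOCK_RULE = re.compile(
    r"^(?P<indent>\s*)\(allow\s+(?P<src>\S+)\s+(?P<tgt>\S+)\s*"
    r"\(\s*sock_file\s*\(\s*(?P<perms>[^()]*?)\s*\)\s*\)\s*\)\s*$"
)
FIFO_RULE = re.compile(r"\(allow\s+(\S+)\s+(\S+)\s*\(\s*fifo_file\b")

# Constructed sample policy (not real udica output).
SAMPLE_CIL = """\
(block my_container
    (blockinherit container)
    (allow process var_run_t ( dir ( open read getattr lock search ioctl add_name remove_name write )))
    (allow process var_run_t ( file ( getattr read write append ioctl lock map open create )))
    (allow process var_run_t ( sock_file ( getattr read write append open )))
    (allow process home_root_t ( sock_file ( getattr read write append open )))
    (allow process home_root_t ( fifo_file ( getattr read write append open )))
)
"""


def add_fifo_rules(cil_text):
    """Return (new_text, added_types).

    Every sock_file allow rule gets a fifo_file rule with the same source,
    target and permissions, unless that pair already has a fifo_file rule.
    The permissions in the sample are common file permissions, valid for
    both object classes.
    """
    existing = set(FIFO_RULE.findall(cil_text))
    out, added = [], []
    for line in cil_text.splitlines():
        out.append(line)
        m = SOCK_RULE.match(line)
        if m and (m["src"], m["tgt"]) not in existing:
            perms = " ".join(m["perms"].split())
            out.append(
                f'{m["indent"]}(allow {m["src"]} {m["tgt"]} ( fifo_file ( {perms} )))'
            )
            existing.add((m["src"], m["tgt"]))
            added.append(m["tgt"])
    return "\n".join(out) + "\n", added


if __name__ == "__main__":
    patched, added_types = add_fifo_rules(SAMPLE_CIL)
    print(patched)
    print("fifo_file rules added for:", added_types)
```

Review the list of types returned before loading the patched module, since each added rule widens what the container may access on that mount's label.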

wrabcak commented 3 years ago

Hi @PatrickLaneville,

I added some bits to the udica code. We need to fix CI to improve tests to follow new fifo files.

Thanks, Lukas.