Allow to getattr files on an nsfs filesystem

fedora-selinux / selinux-policy-contrib

Fedora Policy Contributions

39 stars 66 forks source link

Allow to getattr files on an nsfs filesystem #253

Closed Richard-Filo closed 4 years ago

Richard-Filo commented 4 years ago

fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1822243

Richard-Filo commented 4 years ago

# sesearch -A -s tmpreaper_t -t nsfs_t
allow tmpreaper_t filesystem_type:dir { getattr ioctl lock open read search };

after installation of scratch build:

# sesearch -A -s tmpreaper_t -t nsfs_t
allow tmpreaper_t filesystem_type:dir { getattr ioctl lock open read search };
allow tmpreaper_t nsfs_t:file getattr;

wrabcak commented 4 years ago

LGTM.