Merge pull request #295 from haircommander/engine_t

improve container_engine_t
containers · Jan 15, 2024 · 00da6b2 · 00da6b2
2 parents 48c2b45 + 846d933
commit 00da6b2
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/container.te b/container.te
@@ -1426,7 +1426,8 @@ term_use_generic_ptys(container_engine_t)
 allow container_engine_t container_file_t:chr_file mounton;
 allow container_engine_t filesystem_type:{dir file} mounton;
 allow container_engine_t proc_kcore_t:file mounton;
-
+allow container_engine_t proc_t:filesystem remount;
+allow container_engine_t sysctl_t:{dir file} mounton;
 
 type kubelet_t, container_runtime_domain;
 domain_type(kubelet_t)