devices: label /dev/sysdig0

`sysdig` is a tool that enables introspecting the system, debugging it,
etc. It uses a driver that creates `/dev/sysdig0`. Define a specific
label in order to be able to allow using it.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2020-04-19 11:40:59 +02:00
parent dd04789465
commit 1a13a5410b
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
3 changed files with 26 additions and 0 deletions

View File

@ -113,6 +113,7 @@
/dev/snapshot -c gen_context(system_u:object_r:acpi_bios_t,s0)
/dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/sysdig[0-9] -c gen_context(system_u:object_r:sysdig_device_t,s0)
/dev/tee[0-9] -c gen_context(system_u:object_r:tee_device_t,s0)
/dev/teepriv[0-9] -c gen_context(system_u:object_r:tee_priv_device_t,s0)
/dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)

View File

@ -4176,6 +4176,25 @@ interface(`dev_manage_smartcard',`
manage_chr_files_pattern($1, device_t, smartcard_device_t)
')
########################################
## <summary>
## Read, write and map the sysdig device.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_rw_sysdig',`
gen_require(`
type device_t, sysdig_device_t;
')
rw_chr_files_pattern($1, device_t, sysdig_device_t)
allow $1 sysdig_device_t:chr_file map;
')
########################################
## <summary>
## Mount a filesystem on sysfs.

View File

@ -255,6 +255,12 @@ dev_node(smartcard_device_t)
type sound_device_t;
dev_node(sound_device_t)
#
# Type for sysdig device
#
type sysdig_device_t;
dev_node(sysdig_device_t)
#
# sysfs_t is the type for the /sys pseudofs
#