From f52070b3cfd28466836dc76226eb262e01ea7905 Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Tue, 18 Apr 2023 10:11:13 -0500
Subject: [PATCH] container: set default context for local-path-provisioner

The kubernetes local-path-provisioner uses either /opt/local-path-provisioner or /var/local-path-provisioner for its physical volumes

Signed-off-by: Pat Riehecky
---
 policy/modules/services/container.fc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/services/container.fc b/policy/modules/services/container.fc
index 056aa6023..49e5d59bb 100644
--- a/policy/modules/services/container.fc
+++ b/policy/modules/services/container.fc
@@ -32,6 +32,8 @@ HOME_DIR/\.docker(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
 /opt/cni(/.*)? gen_context(system_u:object_r:container_plugin_t,s0)
+/opt/local-path-provisioner(/.*)? gen_context(system_u:object_r:container_file_t,s0)
+
 /etc/containers(/.*)? gen_context(system_u:object_r:container_config_t,s0)
 /etc/cni(/.*)? gen_context(system_u:object_r:container_config_t,s0)
 /etc/docker(/.*)? gen_context(system_u:object_r:container_config_t,s0)
@@ -100,6 +102,8 @@ HOME_DIR/\.docker(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
 /var/lib/etcd(/.*)? gen_context(system_u:object_r:container_file_t,s0)
 /var/lib/kube-proxy(/.*)? gen_context(system_u:object_r:container_file_t,s0)
+/var/local-path-provisioner(/.*)? gen_context(system_u:object_r:container_file_t,s0)
+
 /var/log/containerd(/.*)? gen_context(system_u:object_r:container_log_t,s0)
 /var/log/containers(/.*)? gen_context(system_u:object_r:container_log_t,s0)
 /var/log/crio(/.*)? gen_context(system_u:object_r:container_log_t,s0)
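Review bot: Both added specs (`/opt/local-path-provisioner(/.*)?` in the first hunk and `/var/local-path-provisioner(/.*)?` in the second) assign `container_file_t` at `s0` with no categories, and nothing in the file says why these host paths are container-writable. Assuming container domains are allowed to manage `container_file_t` as elsewhere in this module, volume data under these trees is separated between pods only if the runtime relabels each volume with per-pod MCS categories, and that is worth stating next to the entries. I would add a comment above each, e.g. `# kubernetes local-path-provisioner volumes; shared container_file_t label, no per-pod MCS separation by default`. Directories that already exist keep their old label until they are relabeled (`restorecon -R`), and a provisioner configured with a different node path is not covered by these two specs.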