kubernetes: allow kubelet to read /proc/sys/vm files.

Kubelet checks the value of '/proc/sys/vm/panic_on_oom' before starting. Signed-off-by: Renato Caldas <renato@calgera.com>
2023-07-03 18:01:43 +01:00 · 2023-07-03 18:01:43 +01:00 · 34cba22df8
commit 34cba22df8
parent d4e64bb956
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/services/kubernetes.te
+++ b/policy/modules/services/kubernetes.te
@ -273,6 +273,7 @@ kernel_read_irq_sysctls(kubelet_t)
 kernel_read_network_state(kubelet_t)
 kernel_read_system_state(kubelet_t)
 kernel_read_state(kubelet_t)
+kernel_read_vm_sysctls(kubelet_t)
 kernel_rw_kernel_sysctl(kubelet_t)
 kernel_rw_net_sysctls(kubelet_t)
 kernel_rw_vm_overcommit_sysctl(kubelet_t)