container: add tunable to use dri devices
Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge
parent
3ae0575114
commit
6c2124d5ae
@ -38,9 +38,16 @@ gen_tunable(container_read_public_content, false)
|
|||||||
gen_tunable(container_spc_create_nfs_servers, false)
|
gen_tunable(container_spc_create_nfs_servers, false)
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
## <p>
|
## <p>
|
||||||
## Allow containers to use eCryptfs filesystems.
|
## Allow containers to use direct rendering devices.
|
||||||
## </p>
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
gen_tunable(container_use_dri, false)
|
||||||
|
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Allow containers to use eCryptfs filesystems.
|
||||||
|
## </p>
|
||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(container_use_ecryptfs, false)
|
gen_tunable(container_use_ecryptfs, false)
|
||||||
|
|
||||||
@ -311,6 +318,10 @@ tunable_policy(`container_read_public_content',`
|
|||||||
miscfiles_watch_public_dirs(container_domain)
|
miscfiles_watch_public_dirs(container_domain)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
tunable_policy(`container_use_dri',`
|
||||||
|
dev_rw_dri(container_domain)
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`container_use_ecryptfs',`
|
tunable_policy(`container_use_ecryptfs',`
|
||||||
fs_manage_ecryptfs_dirs(container_domain)
|
fs_manage_ecryptfs_dirs(container_domain)
|
||||||
fs_manage_ecryptfs_files(container_domain)
|
fs_manage_ecryptfs_files(container_domain)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user