container: allow containers to execute tmpfs files

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
2024-06-27 10:22:39 -04:00 · 2024-06-27 10:22:39 -04:00 · 50a8cddd10
parent 4e97f87cee
commit 50a8cddd10
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@ -317,6 +317,7 @@ allow container_domain container_ro_file_t:sock_file read_sock_file_perms;
 fs_tmpfs_filetrans(container_domain, container_tmpfs_t, { dir file fifo_file lnk_file sock_file })
 manage_dirs_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
 mmap_manage_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
+mmap_exec_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
 manage_fifo_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
 manage_lnk_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)
 manage_sock_files_pattern(container_domain, container_tmpfs_t, container_tmpfs_t)