container: allow containers to getsession

Found to be required by a jellyfin container when testing. Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-01-24 11:08:50 -05:00 · 2022-01-24 11:08:50 -05:00 · 86b90b4bc7
commit 86b90b4bc7
parent f4d34fcc34
1 changed files with 1 additions and 1 deletions
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@ -150,7 +150,7 @@ corenet_port(container_port_t)

 allow container_domain self:capability { dac_override kill setgid setuid sys_boot sys_chroot };
 allow container_domain self:cap_userns { chown dac_override fowner setgid setuid };
-allow container_domain self:process { execstack execmem getattr signal_perms getsched setsched setcap setpgid };
+allow container_domain self:process { execstack execmem getattr getsched getsession setsched setcap setpgid signal_perms };
 allow container_domain self:fifo_file manage_fifo_file_perms;
 allow container_domain self:sem create_sem_perms;
 allow container_domain self:shm create_shm_perms;