kubernetes: allow kubelet to read etc runtime files

To read /etc/machine-id.

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2023-03-08 13:19:36 -05:00
parent bf546e4c4f
commit 9b4e8bd875
1 changed files with 2 additions and 0 deletions

View File

@ -240,6 +240,8 @@ files_search_mnt(kubelet_t)
files_read_kernel_symbol_table(kubelet_t)
# read /usr/share/mime/globs2
files_read_usr_files(kubelet_t)
# read /etc/machine-id
files_read_etc_runtime_files(kubelet_t)
fs_getattr_tmpfs(kubelet_t)
fs_search_tmpfs(kubelet_t)