mozilla: Allow user namespace creation.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2023-03-02 15:59:49 -05:00 · 2023-03-02 15:59:49 -05:00 · de41a207b9
parent ffd80c42c9
commit de41a207b9
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@ -76,6 +76,7 @@ xdg_cache_content(mozilla_xdg_cache_t)
 allow mozilla_t self:capability { setgid setuid sys_nice };
 allow mozilla_t self:cap_userns { sys_admin sys_chroot sys_ptrace };
 allow mozilla_t self:process { sigkill signal setcap setsched getsched setrlimit };
+allow mozilla_t self:user_namespace create;
 allow mozilla_t self:fifo_file rw_fifo_file_perms;
 allow mozilla_t self:shm create_shm_perms;
 allow mozilla_t self:sem create_sem_perms;