chromium: Allow user namespace creation.

closes #600 Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2023-03-02 09:01:24 -05:00 · 2023-03-02 09:01:24 -05:00 · ffd80c42c9
commit ffd80c42c9
parent 0e1cc1e01e
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/apps/chromium.te
+++ b/policy/modules/apps/chromium.te
@ -96,6 +96,7 @@ allow chromium_t self:file create;
 allow chromium_t self:fifo_file rw_fifo_file_perms;
 allow chromium_t self:sem create_sem_perms;
 allow chromium_t self:netlink_kobject_uevent_socket client_stream_socket_perms;
+allow chromium_t self:user_namespace create;
 # cap_userns sys_admin for the sandbox
 allow chromium_t self:cap_userns { sys_admin sys_chroot sys_ptrace };