diff options
| author |   Kenton Groombridge <me@concord.sh> | 2022-01-17 20:17:44 -0500 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2022-01-29 17:15:06 -0800 |
| commit | 3a6f1fdc625af28d62c7906f4e8666a7ae8661dd (patch) | |
| tree | 52d2b7989f4c1ccd745903f2df10c370f6d5a12e /config/appconfig-standard | |
| parent | container: drop old commented rules (diff) | |
| download | hardened-refpolicy-3a6f1fdc625af28d62c7906f4e8666a7ae8661dd.tar.gz hardened-refpolicy-3a6f1fdc625af28d62c7906f4e8666a7ae8661dd.tar.bz2 hardened-refpolicy-3a6f1fdc625af28d62c7906f4e8666a7ae8661dd.zip | |
lxc_contexts: add ro_file and sandbox_lxc_process contexts
Signed-off-by: Kenton Groombridge <me@concord.sh>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'config/appconfig-standard')
| -rw-r--r-- | config/appconfig-standard/lxc_contexts | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/config/appconfig-standard/lxc_contexts b/config/appconfig-standard/lxc_contexts index 2cf33ddb..f2d6ef9b 100644 --- a/config/appconfig-standard/lxc_contexts +++ b/config/appconfig-standard/lxc_contexts @@ -1,3 +1,5 @@ process = "system_u:system_r:container_t" content = "system_u:object_r:virt_var_lib_t" file = "system_u:object_r:container_file_t" +ro_file = "system_u:object_r:container_ro_file_t:s0" +sandbox_lxc_process = "system_u:system_r:container_t:s0" |