Diffstat (limited to 'policy')
-rw-r--r--policy/modules/kernel/devices.if18
-rw-r--r--policy/modules/services/kubernetes.te4
2 files changed, 22 insertions, 0 deletions
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index a2d55ded..d1536573 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -2067,6 +2067,24 @@ interface(`dev_manage_dri_dev',`
########################################
## <summary>
+## Mount on the dri devices.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dev_mounton_dri_dev',`
+ gen_require(`
+ type dri_device_t;
+ ')
+
+ allow $1 dri_device_t:chr_file mounton;
+')
+
+########################################
+## <summary>
## Automatic type transition to the type
## for DRI device nodes when created in /dev.
## </summary>
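Review bot: The summary `Mount on the dri devices.` on `dev_mounton_dri_dev` does not say how narrow the grant is. The only rule is `allow $1 dri_device_t:chr_file mounton;`, so the interface lets the caller use DRI character device nodes as mount points and grants no read, write or ioctl access to the device itself. I would reword the summary to something like `## Allow DRI character device nodes to be used as mount points.` so that a caller does not assume it also grants device access and reaches for the broader `dev_manage_dri_dev` when it does not have to.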
diff --git a/policy/modules/services/kubernetes.te b/policy/modules/services/kubernetes.te
index 8a13be60..a10ec550 100644
--- a/policy/modules/services/kubernetes.te
+++ b/policy/modules/services/kubernetes.te
@@ -147,6 +147,10 @@ tunable_policy(`container_read_public_content',`
miscfiles_mounton_all_public_files(kubernetes_container_engine_domain)
')
+tunable_policy(`container_use_dri',`
+ dev_mounton_dri_dev(kubernetes_container_engine_domain)
+')
+
tunable_policy(`container_use_nfs',`
fs_getattr_nfs(kubernetes_container_engine_domain)
fs_remount_nfs(kubernetes_container_engine_domain)
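Review bot: The new `container_use_dri` block gives `mounton` on DRI device nodes to every domain carrying the `kubernetes_container_engine_domain` attribute, with nothing recording why the engine needs it. A one-line comment above the call, for example `# engine bind-mounts host DRI device nodes into containers`, would document the intent; that purpose is presumed from the tunable name and should be confirmed. The declaration of `container_use_dri` is outside this hunk, so its description and default cannot be checked here. Since enabling it now also widens what the engine may mount over, the tunable's description should mention that, and it is worth confirming that it defaults to off.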