Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow unconfined domains to bpf all other domains #806

Merged
merged 1 commit into from
Aug 6, 2021

Conversation

rhatdan
Copy link
Contributor

@rhatdan rhatdan commented Jul 16, 2021

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
@rhatdan
Copy link
Contributor Author

rhatdan commented Jul 16, 2021

In the container-selinux.te file we are seeing lot's of AVCs in OpenShift where spc_t domains are loading bpf rules on different processes on the system.

@rhatdan
Copy link
Contributor Author

rhatdan commented Aug 6, 2021

@zpytela PTAL
Lets get this merged and released, we are getting several bug reports on this from container tools.

@zpytela
Copy link
Contributor

zpytela commented Aug 6, 2021

Merging, thank you.

@zpytela zpytela merged commit 74e7375 into fedora-selinux:rawhide Aug 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants