44 lines
1.4 KiB
Diff
44 lines
1.4 KiB
Diff
From 6664ac5748b13d4e84b80ce939c0daf6129b2fed Mon Sep 17 00:00:00 2001
|
|
From: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
Date: Mon, 2 May 2022 15:40:27 +0000
|
|
Subject: [PATCH 18/35] container, docker: Fixes for containerd and kubernetes
|
|
testing.
|
|
|
|
These are for backwards compat, as upstream they were updated to
|
|
transient units:
|
|
|
|
init_get_generic_units_status(dockerd_t)
|
|
init_start_generic_units(dockerd_t)
|
|
|
|
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
|
|
---
|
|
policy/modules/services/docker.te | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
MSFT_TAG: not upstreamable
|
|
|
|
diff --git a/policy/modules/services/docker.te b/policy/modules/services/docker.te
|
|
index cb5947602..320d8ce84 100644
|
|
--- a/policy/modules/services/docker.te
|
|
+++ b/policy/modules/services/docker.te
|
|
@@ -41,6 +41,7 @@ allow dockerd_t self:netlink_xfrm_socket create_socket_perms;
|
|
init_write_runtime_socket(dockerd_t)
|
|
container_runtime_named_socket_activation(dockerd_t)
|
|
|
|
+files_search_mnt(dockerd_t)
|
|
# docker fails to start if /proc/kallsyms is unreadable,
|
|
# but only when btrfs support is disabled
|
|
files_read_kernel_symbol_table(dockerd_t)
|
|
@@ -72,6 +73,8 @@ ifdef(`init_systemd',`
|
|
init_stop_system(dockerd_t)
|
|
init_get_system_status(dockerd_t)
|
|
init_stop_generic_units(dockerd_t)
|
|
+ init_get_generic_units_status(dockerd_t)
|
|
+ init_start_generic_units(dockerd_t)
|
|
')
|
|
|
|
########################################
|
|
--
|
|
2.34.1
|
|
|