diff options
| author | Michael Vogt <mvo@ubuntu.com> | 2019-07-15 09:28:37 +0200 |
|---|---|---|
| committer | Michael Vogt <mvo@ubuntu.com> | 2019-07-15 09:45:34 +0200 |
| commit | b2d84c9a220a92c01565c45f94c23347307a2523 (patch) | |
| tree | 97b20b228bd84238fa995974c345b4ca948bf2d6 /data | |
| parent | a6e691c0255012d8ceae19d4c6f93804a7be955f (diff) | |
selinux: add rules for bind mounting /lib/firmware/
Diffstat (limited to 'data')
| -rw-r--r-- | data/selinux/snappy.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/data/selinux/snappy.te b/data/selinux/snappy.te index 73c4553ac0..391a83c50c 100644 --- a/data/selinux/snappy.te +++ b/data/selinux/snappy.te @@ -458,6 +458,7 @@ gen_require(` type modules_object_t; type ifconfig_var_run_t; type var_log_t; + type lib_t; ') allow snappy_confine_t admin_home_t:dir mounton; allow snappy_confine_t bin_t:dir mounton; @@ -468,6 +469,7 @@ allow snappy_confine_t etc_t:file mounton; allow snappy_confine_t home_root_t:dir mounton; allow snappy_confine_t ifconfig_var_run_t:dir mounton; allow snappy_confine_t modules_object_t:dir mounton; +allow snappy_confine_t lib_t:dir mounton; allow snappy_confine_t ptmx_t:chr_file { getattr mounton }; allow snappy_confine_t snappy_snap_t:dir { mounton read }; allow snappy_confine_t snappy_snap_t:file mounton; |