Added selinux rule for /var/run:/var/run

Change-Id: I9afa3d6e1a90749024fe45aa41794925934e0a0d Closes-Bug: #1800345
Juniper · Oct 30, 2018 · 8f0c42b · 8f0c42b
1 parent 3e3b107
commit 8f0c42b
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/extraconfig/pre_network/contrail/contrail_ansible_host_config.yaml b/extraconfig/pre_network/contrail/contrail_ansible_host_config.yaml
@@ -56,13 +56,15 @@
               require {
                       type container_var_run_t;
                       type svirt_t;
+                      type var_run_t;
                       class sock_file { create unlink };
                       class dir { add_name remove_name write };
               }
 
               #============= svirt_t ==============
               allow svirt_t container_var_run_t:dir { add_name remove_name write };
               allow svirt_t container_var_run_t:sock_file { create unlink };
+              allow svirt_t var_run_t:sock_file { create unlink };
 
         - name: create contrail dpdk selinux policy module
           shell: /bin/checkmodule -M -m -o /tmp/contrail_dpdk.mod /tmp/contrail_dpdk.te