I think this access should be allowed or dontaudited in the selinux-policy package. This is just systemd-user-runtime-dir trying to list content under /run.
I just allowed this in upstream. Please open a bugzilla to get this updated in RHEL 8.
Hello,
We have detected a small number of AVCs on a newly deployed rhel-8 with a bunch of containers:
We have a couple of containers bind-mounting /dev - that's probably the main issue, although we can't do otherwise since the services running in those containers do need /dev access on the host.
Do you think we can provide a patch allowing init_t to access (only "read" listed here because "permissive=0") container_runtime_tmpfs? I'm not really sure it's a good idea, but I don't know what to do in order to avoid that :/.
Cheers,
C.
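For anyone hitting the same AVC before the updated selinux-policy lands, here is a local module that grants (or dontaudits) the access the reporter asks about. This is an added example, not code from the issue, the reporter or the selinux-policy project. It assumes the type is spelled container_runtime_tmpfs_t in policy and that the denied access is on the dir class (the maintainer says systemd is listing content under /run); the permission set { read getattr open search } is a guess that goes beyond the single "read" in the report, because with permissive=0 only the first denied permission is logged and a module granting read alone will just surface the next denial. The safer workflow is to generate the rule from the real denials with ausearch -m AVC -ts recent | audit2allow -M local_init_runtime_tmpfs and review the output; the script also checks with sesearch whether the running policy already allows it, so the module can be dropped once the fix is installed.

```shell
#!/bin/sh
# Added example (not from the issue or selinux-policy): a local policy module
# letting init_t read directories labelled container_runtime_tmpfs_t.
# Assumptions: type name container_runtime_tmpfs_t, object class "dir",
# permission set { read getattr open search } (only "read" appears in the
# report because permissive=0 logs just the first denial).
# Needs checkmodule and semodule_package (checkpolicy/policycoreutils),
# semodule (root) and sesearch (setools).

MOD=local_init_runtime_tmpfs

# Emit the Type Enforcement source. $1 is "allow" to grant the access or
# "dontaudit" to silence the AVC without granting anything.
gen_te() {
  rule=${1:-allow}
  case "$rule" in
    allow|dontaudit) ;;
    *) echo "gen_te: rule must be allow or dontaudit, got '$rule'" >&2; return 1 ;;
  esac
  cat <<EOF
module $MOD 1.0;

require {
        type init_t;
        type container_runtime_tmpfs_t;
        class dir { read getattr open search };
}

# systemd (init_t) listing runtime dirs that containers bind-mount under /run
$rule init_t container_runtime_tmpfs_t:dir { read getattr open search };
EOF
}

# True if the loaded policy already grants init_t dir read on the type,
# e.g. after the fixed selinux-policy package is installed.
already_allowed() {
  sesearch -A -s init_t -t container_runtime_tmpfs_t -c dir -p read 2>/dev/null | grep -q .
}

# Compile the .te into a .pp and load it. Skips the work if the access is
# already granted by the base policy.
build_and_install() {
  rule=${1:-allow}
  if [ "$rule" = allow ] && already_allowed; then
    echo "policy already allows init_t read on container_runtime_tmpfs_t; nothing to do"
    return 0
  fi
  tmp=$(mktemp -d) || return 1
  gen_te "$rule" > "$tmp/$MOD.te" || { rm -rf "$tmp"; return 1; }
  checkmodule -M -m -o "$tmp/$MOD.mod" "$tmp/$MOD.te" &&
    semodule_package -o "$tmp/$MOD.pp" -m "$tmp/$MOD.mod" &&
    semodule -i "$tmp/$MOD.pp"
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Usage: sh local_init_runtime_tmpfs.sh allow|dontaudit   (semodule -i needs root)
# Remove later with: semodule -r local_init_runtime_tmpfs
if [ $# -gt 0 ]; then
  build_and_install "$1"
fi
```

Prefer dontaudit if the service works without the access, since that is what the maintainer suggests as an alternative; and re-run ausearch after loading the module, because any further denied permission on the same dir will only show up once read is granted.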