Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add policy generation for fifo_files #85

Closed
PatrickLaneville opened this issue Mar 23, 2021 · 1 comment
Closed

Add policy generation for fifo_files #85

PatrickLaneville opened this issue Mar 23, 2021 · 1 comment
Assignees
@wrabcak
Labels
enhancement New feature or request

Comments

@PatrickLaneville
Copy link

Is your feature request related to a problem? Please describe.
When using udica to generate SELinux policies I am unable to get access to the fifo_files in my container mounts.
Describe the solution you'd like
I would like the policy generated by udica to include the same access to fifo_files as it does sock_files within the mount points of my containers.
Describe alternatives you've considered
Modify the CIL policy by handing before loading the module. Have a flag in udica for the different object classes that I want to be able to access within the mounts of my container.
Additional context
Containers can currently manage fifo’s with the following type labels: container_file_t
https://github.com/containers/container-selinux/blob/d89a599e3d3c362ec178600ed04c72f337c10d28/container.te#L796
@wrabcak wrabcak added the enhancement New feature or request label Apr 5, 2021
@wrabcak wrabcak self-assigned this Apr 7, 2021
wrabcak added a commit to wrabcak/udica that referenced this issue Apr 7, 2021
@wrabcak
Enable udica to generated policys for fifo files
97f43d6 
Udica generates SELinux seucurity allow rules only for files,dirs and
sockets. Following commit adds also FIFO files.

Fixes: containers#85
wrabcak added a commit to wrabcak/udica that referenced this issue Apr 7, 2021
@wrabcak
Enable udica to generated policys for fifo files
2d9a7d5 
Udica generates SELinux seucurity allow rules only for files,dirs and
sockets. Following commit adds also FIFO files.

Fixes: containers#85
@wrabcak
Copy link
Member

wrabcak commented Apr 7, 2021

Hi @PatrickLaneville ,

I added some bits to the udica code, we need to fix CI to improve tests to follow new fifo files.

Thanks,
Lukas.

wrabcak added a commit to wrabcak/udica that referenced this issue Apr 9, 2021
@wrabcak
Enable udica to generated policys for fifo files
d847ac7 
Udica generates SELinux seucurity allow rules only for files,dirs and
sockets. Following commit adds also FIFO files.

The change required also to modify existing unit tests.

Fixes: containers#85
@wrabcak wrabcak mentioned this issue Apr 9, 2021
Closed
wrabcak added a commit to wrabcak/udica that referenced this issue Apr 9, 2021
@wrabcak
Enable udica to generate policies with fifo class
807a071 
Udica generates SELinux security allow rules only for files,dirs and
sockets. Following commit adds also FIFO files.

The change required also to modify existing unit tests.

Fixes: containers#85
wrabcak added a commit to wrabcak/udica that referenced this issue May 20, 2021
@wrabcak
Enable udica to generate policies with fifo class
8ebe662 
Udica generates SELinux security allow rules only for files,dirs and
sockets. Following commit adds also FIFO files.

The change required also to modify existing unit tests.

Fixes: containers#85
vmojzis pushed a commit to wrabcak/udica that referenced this issue Jul 8, 2021
@wrabcak @vmojzis
Enable udica to generate policies with fifo class
e5d4bd2 
Udica generates SELinux security allow rules only for files,dirs and
sockets. Following commit adds also FIFO files.

The change required also to modify existing unit tests.

Fixes: containers#85
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wrabcak wrabcak

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enable udica to generate policies with fifo files class wrabcak/udica
2 participants
@wrabcak @PatrickLaneville