Fix file context for the default local-path storage class path, fixes k…

…3s-io#9
cruizer · Jun 12, 2020 · 78330a7 · 78330a7
1 parent f0bfc40
commit 78330a7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/k3s.fc b/k3s.fc
@@ -6,6 +6,7 @@
 /var/lib/cni(/.*)?								gen_context(system_u:object_r:container_var_lib_t,s0)
 /var/lib/rancher/k3s(/.*)?							gen_context(system_u:object_r:container_var_lib_t,s0)
 /var/lib/rancher/k3s/data(/.*)?							gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/var/lib/rancher/k3s/storage(/.*)?						gen_context(system_u:object_r:container_file_t,s0)
 #/var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots(/.*)?			gen_context(system_u:object_r:container_share_t,s0)
 /var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots			-d	gen_context(system_u:object_r:container_share_t,s0)
 /var/lib/rancher/k3s/agent/containerd/[^/]*/snapshots/[^/]*		-d	gen_context(system_u:object_r:container_share_t,s0)

diff --git a/k3s.te b/k3s.te
@@ -5,6 +5,11 @@ gen_require(`
 ')
 filetrans_pattern(container_runtime_t, container_var_lib_t, container_runtime_exec_t, dir, "data")
 
+gen_require(`
+    type container_runtime_t, container_var_lib_t, container_file_t;
+')
+filetrans_pattern(container_runtime_t, container_var_lib_t, container_file_t, dir, "storage")
+
 gen_require(`
     type container_runtime_t, container_var_lib_t, container_share_t;
 ')