Merge pull request #2974 from kubevirt-bot/cherry-pick-2888-to-releas…

…e-0.23 [release-0.23] [fix] allow virt-launcher to write to sysfs
kubevirt · Jan 10, 2020 · 27f2f5a · 27f2f5a
2 parents 4122a98 + 345a95e
commit 27f2f5a
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/cmd/virt-handler/virt_launcher.cil b/cmd/virt-handler/virt_launcher.cil
@@ -6,6 +6,7 @@
     (allow process self (tun_socket (relabelfrom)))
     (allow process self (tun_socket (relabelto)))
     (allow process self (tun_socket (attach_queue)))
+    (allow process sysfs_t (file (write)))
     (allow process tmp_t (dir (write add_name open getattr setattr read link search remove_name reparent lock ioctl)))
     (allow process tmp_t (file (setattr open read write create getattr append ioctl lock)))
     (allow process container_share_t (dir (write add_name)))