Skip to content
Permalink
Browse files

Merge pull request #36 from cjeanner/httpd/container_file_t

Allows httpd_t to read container_file_t content
  • Loading branch information...
jpichon committed Aug 13, 2019
2 parents 4004d29 + 3d18722 commit 6504b813e2b3f21dac708c928dfec4a0dfbdd83a
Showing with 7 additions and 0 deletions.
  1. +7 −0 os-httpd.te
@@ -10,6 +10,7 @@ gen_require(`
type keystone_log_t;
type nova_api_t;
type keystone_var_lib_t;
type container_file_t;
')

#
@@ -45,4 +46,10 @@ tunable_policy(`os_httpd_wsgi',`
# Bugzilla #1315457
# Bugzilla #1489863
corenet_tcp_bind_all_ports(httpd_t)

# Allow read-only access to container_file_t
# This is due to image-server, and images being pulled via mistral container
# during an update/upgrade
read_files_pattern(httpd_t, container_file_t, container_file_t)
allow httpd_t container_file_t:dir read;
')

0 comments on commit 6504b81

Please sign in to comment.
You can’t perform that action at this time.