From 396e66f0563f19925c635f152e3cded64de0e98a Mon Sep 17 00:00:00 2001
Message-Id: <396e66f0563f19925c635f152e3cded64de0e98a.1649678867.git.maciej.zenon.borzecki@canonical.com>
From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Date: Fri, 8 Apr 2022 15:32:27 +0200
Subject: [PATCH] data/selinux: allow snap-update-ns to mount on top of
 /var/snap inside the mount ns

Some layouts may place things on top of paths under /var/snap.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
---
 data/selinux/snappy.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/data/selinux/snappy.te b/data/selinux/snappy.te
index 198b57fa6f2400f2f1eca7d901067d2f7184e595..0abfc52dc26ebc97af83df729a544ea0e6e3a553 100644
--- a/data/selinux/snappy.te
+++ b/data/selinux/snappy.te
@@ -543,6 +543,11 @@ allow snappy_mount_t snappy_snap_t:dir mounton;
 allow snappy_mount_t snappy_snap_t:file mounton;
 allow snappy_mount_t snappy_snap_t:filesystem { unmount remount };
 
+# layouts may also require mounting on top of /var/lib/snapd which contains the
+# snaps
+allow snappy_mount_t snappy_var_lib_t:dir mounton;
+allow snappy_mount_t snappy_var_lib_t:file mounton;
+
 # freezer
 fs_manage_cgroup_dirs(snappy_mount_t)
 fs_manage_cgroup_files(snappy_mount_t)
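Review bot: The comment added on the first two lines of the hunk says the new rules are about mounting on top of /var/lib/snapd, while the patch subject and description say the layouts target /var/snap; one of the two is presumably wrong, and a policy grant whose comment names a different path than its commit message is hard to audit later. I would confirm which directory `snappy_var_lib_t` actually labels in the file contexts and make the comment and the subject agree, e.g. `# layouts may also require mounting on top of the tree labelled snappy_var_lib_t` followed by the path that label covers. The grant mirrors the `snappy_snap_t` rules just above in allowing `mounton` for both `dir` and `file` classes; if the file-class grant is only needed for file bind mounts used by layouts, saying so in the comment would make the scope of the new permission clearer.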
-- 
2.35.1