SELinux: apply osbuild_exec_t to /usr/bin/osbuild-image-info
This is needed, for the tool to be able to read SELinux labels from the inspected image, which are not known to the host on which it is running. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This commit is contained in:
Tomáš Hozza
Achilleas Koutsou
parent
6738679f2e
commit
e90a74f088
2 changed files with 2 additions and 1 deletions
|
|
@ -1,4 +1,5 @@
|
||||||
/usr/bin/osbuild -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
/usr/bin/osbuild -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
||||||
|
/usr/bin/osbuild-image-info -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
||||||
/usr/lib/osbuild/assemblers/.* -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
/usr/lib/osbuild/assemblers/.* -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
||||||
/usr/lib/osbuild/stages/.* -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
/usr/lib/osbuild/stages/.* -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
||||||
/usr/lib/osbuild/sources/.* -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
/usr/lib/osbuild/sources/.* -- gen_context(system_u:object_r:osbuild_exec_t,s0)
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ The osbuild_t SELinux type can be entered via the \fBosbuild_exec_t\fP file type
|
||||||
|
|
||||||
The default entrypoint paths for the osbuild_t domain are the following:
|
The default entrypoint paths for the osbuild_t domain are the following:
|
||||||
|
|
||||||
/usr/lib/osbuild/stages/*, /usr/lib/osbuild/sources/*, /usr/lib/osbuild/assemblers/*, /usr/bin/osbuild
|
/usr/lib/osbuild/stages/*, /usr/lib/osbuild/sources/*, /usr/lib/osbuild/assemblers/*, /usr/bin/osbuild, /usr/bin/osbuild-image-info
|
||||||
.SH PROCESS TYPES
|
.SH PROCESS TYPES
|
||||||
SELinux defines process types (domains) for each process running on the system
|
SELinux defines process types (domains) for each process running on the system
|
||||||
.PP
|
.PP
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue