Add selinux conf for alist
- and allow caddy to connect to alist/comiclib
karuboniru committed Feb 1, 2024
1 parent 6253ed1 commit 6dc99b4
Showing 2 changed files with 12 additions and 0 deletions.
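--- a/cils/container_alist.cil
+++ b/cils/container_alist.cil
@@ -0,0 +1,10 @@
+(block container_alist
+(blockinherit container)
+(blockinherit restricted_net_container)
+
+(allow process user_home_t ( dir ( watch add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
+(allow process user_home_t ( file ( watch append create getattr ioctl lock map open read rename setattr unlink write )))
+
+(allow process port_type ( tcp_socket ( name_connect recv_msg send_msg )))
+(allow process port_type ( udp_socket ( recv_msg send_msg )))
+)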
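Review bot: The two `user_home_t` rules give the alist process create, write, rename and unlink on every file and directory carrying the generic home label, which is much wider than a single data directory; if the web-facing service is compromised, the rest of the user's home is writable from inside the container domain. If the data directory is a bind mount, relabelling it to a container file type (the `:Z` volume option, or an fcontext rule for that path) and dropping both rules would keep the policy scoped to that directory. The `port_type` rules likewise match every port, so whatever outbound limit `restricted_net_container` is meant to give (judging by its name) no longer applies to connects. If that is intentional for remote storage backends, record it next to the rule, for example `; outbound to arbitrary storage backends, hence port_type rather than a specific port type`.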
2 changes: 2 additions & 0 deletions cils/container_caddy.cil
@@ -5,4 +5,6 @@

(allow process var_run_t ( sock_file ( write )))
(allow process cockpit_ws_t ( unix_stream_socket ( connectto )))
(allow process container_alist.process ( unix_stream_socket ( connectto )))
(allow process comiclib.process ( unix_stream_socket ( connectto )))
)
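Review bot: The `connectto` rules for `container_alist.process` and `comiclib.process` reference types owned by other modules, so the caddy policy can only be loaded when both of those modules are present; `comiclib.process` is not defined in either file shown on this page. Wrapping each rule in an optional, e.g. `(optional caddy_alist (allow process container_alist.process ( unix_stream_socket ( connectto ))))`, lets the caddy module load on its own and simply drops the rule when the peer policy is absent. `connectto` covers only the peer-domain check: the socket file itself also needs `sock_file write` on its label, and the only such rule visible here is for `var_run_t`, so it is worth confirming where the alist and comiclib sockets live and how they are labelled. The enclosing block opens above this hunk, so its inherited templates are not visible here.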
