From 5f8371eb129c1ad4bf015ade831d49d05d6ac011 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sun, 10 Jul 2022 14:14:14 +0000
Subject: [PATCH] podman: Fix reading certificates

---
 roles/podman/files/podman-certs.pp | Bin 1048 -> 963 bytes
 roles/podman/files/podman-certs.te | 5 ++---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/roles/podman/files/podman-certs.pp b/roles/podman/files/podman-certs.pp
index 22ae496ffd0e5eb757c222896c38afd73084ab99..3f4a3acbd40c79d95457938b8d9be403e56983ca 100644
GIT binary patch delta 92 zcmbQiahQEVl>svY0|N+yKw4%_Dm##71mg76lEjjdA{HPMBwdu6m;z!mO`QFL6(r9% gc>|;P#G8HFduGxY#j0?f{n^_gD+032--2LJ#7 delta 89 zcmX@iK7(UIl_C=Z0|N+yKw4%_DhrSX@rzOuQ$TFSiK||)f&>^R?`IUBypGWWmB+|9 VIgwF#G8a?NWG^O*$>*590s!%m6QBS9
diff --git a/roles/podman/files/podman-certs.te b/roles/podman/files/podman-certs.te
index b38eb47..75ae43c 100644
--- a/roles/podman/files/podman-certs.te
+++ b/roles/podman/files/podman-certs.te
@@ -4,9 +4,8 @@ module podman-certs 1.0;
 require {
  type cert_t;
  type container_t;
- class file { open read };
+ class file { getattr open read };
 }
 
 #============= container_t ==============
-allow container_t cert_t:file read;
-allow container_t cert_t:file open;
+allow container_t cert_t:file { getattr open read };
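Review bot: The rule `allow container_t cert_t:file { getattr open read };` grants access to every process in the shared `container_t` domain and to every file labelled `cert_t`, not just to the certificates this role hands to its containers. On Fedora/RHEL-style policies `cert_t` usually also labels private keys under `/etc/pki`, so if any such path is reachable inside a container, a compromised workload would be permitted to read it; which paths are actually mounted is not visible in this patch. If only certain containers need host certificates, a dedicated type for just those files would keep the grant narrow. A comment above the rule such as `# getattr: containers stat() the mounted certificate before opening it` would record why the permission was added. The compiled `podman-certs.pp` cannot be reviewed from the diff, so building it from the `.te` at deploy time would guarantee the loaded module matches the reviewed source.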