Add proper labeling for RamaLama

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
containers · Nov 11, 2024 · 8ba68ee · 8ba68ee
1 parent a4c8cd9
commit 8ba68ee
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/container.fc b/container.fc
@@ -92,6 +92,7 @@
 # Unlike the runc-<SNAPSHOTTER> directory, this directory does not contain the "executor" directory inside it.
 /var/lib/buildkit/containerd-.*(/.*?)	gen_context(system_u:object_r:container_ro_file_t,s0)
 
+HOME_DIR/\.local/share/ramalama(/.*)?		 gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay(/.*)?	 gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay2(/.*)?	 gen_context(system_u:object_r:container_ro_file_t,s0)
 HOME_DIR/\.local/share/containers/storage/overlay-layers(/.*)?	 gen_context(system_u:object_r:container_ro_file_t,s0)

diff --git a/container.if b/container.if
@@ -562,6 +562,7 @@ interface(`container_filetrans_named_content',`
     # Third-party snapshotters
     filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "containerd-soci")
 
+    filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "ramalama")
     filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay")
     filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay-images")
     filetrans_pattern($1, data_home_t, container_ro_file_t, dir, "overlay-layers")

diff --git a/container.te b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.234.0)
+policy_module(container, 2.234.1)
 
 gen_require(`
 	class passwd rootok;