Merge pull request #416 from ca-hu/account-utils-set-uidmap

openshift-merge-bot[bot] · web-flow · commit d72cbcbc5e31 · 2025-11-26T16:44:40.000Z
Introduce container_write_proc_files interface (bsc#1253469)
diff --git a/container.if b/container.if
@@ -87,6 +87,25 @@ interface(`container_read_state',`
 	ps_process_pattern($1, container_runtime_t)
 ')
 
+########################################
+## <summary>
+##	Write to /proc/PID of container runtime.
+##	This is needed e.g. to set uid_map or gid_map
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`container_write_proc_files',`
+	gen_require(`
+		type container_runtime_t;
+	')
+
+	allow $1 container_runtime_t:file { open write };
+')
+
 ########################################
 ## <summary>
 ##	Search container lib directories.
