Layer: services

Module: podman

Description:

Policy for podman


Interfaces:

podman_admin( domain , role )
Summary

All of the rules required to administrate a podman environment.

Parameters
domain: Domain allowed access.
role: Role allowed access.

podman_domtrans( domain )
Summary

Execute podman in the podman domain.

Parameters
domain: Domain allowed to transition.

podman_domtrans_conmon( domain )
Summary

Execute conmon in the podman conmon domain.

Parameters
domain: Domain allowed to transition.

podman_domtrans_conmon_user( domain )
Summary

Execute conmon in the podman conmon user domain (rootless podman).

Parameters
domain: Domain allowed to transition.

podman_domtrans_user( domain )
Summary

Execute podman in the podman user domain (rootless podman).

Parameters
domain: Domain allowed to transition.

podman_run( domain , role )
Summary

Execute podman in the podman domain, and allow the specified role the podman domain.

Parameters
domain: Domain allowed to transition.
role: The role to be allowed the podman domain.

podman_run_conmon( domain , role )
Summary

Execute conmon in the podman conmon domain, and allow the specified role the podman conmon domain.

Parameters
domain: Domain allowed to transition.
role: The role to be allowed the conmon domain.

podman_run_conmon_user( domain , role )
Summary

Execute conmon in the podman conmon user domain, and allow the specified role the podman conmon user domain (rootless podman).

Parameters
domain: Domain allowed to transition.
role: The role to be allowed the conmon domain.

podman_run_user( domain , role )
Summary

Execute podman in the podman user domain, and allow the specified role the podman user domain (rootless podman).

Parameters
domain: Domain allowed to transition.
role: The role to be allowed the podman domain.

podman_rw_conmon_pipes( domain )
Summary

Read and write podman conmon unnamed pipes.

Parameters
domain: Domain allowed access.

podman_spec_rangetrans_conmon( domain , range )
Summary

Make the specified domain perform a range transition when executing conmon.

Parameters
domain: Domain to transition ranges.
range: MLS range to transition to.

podman_use_conmon_fds( domain )
Summary

Allow the specified domain to inherit file descriptors from podman conmon.

Parameters
domain: Domain allowed access.

Templates:

podman_conmon_domain_template( prefix , source_domain )
Summary

Template for conmon domains.

Parameters
prefix: Prefix for generated types.
source_domain: Domain allowed to transition.

podman_user_role( role_prefix , user_domain , user_exec_domain , role )
Summary

Role access for rootless podman.

Parameters
role_prefix: The prefix of the user role (e.g., user is the prefix for user_r).
user_domain: User domain for the role.
user_exec_domain: User exec domain for execute and transition access.
role: Role allowed access.
