From 2b0a02facf0ac78ffe5663069ced8103be5088a4 Mon Sep 17 00:00:00 2001
From: Chance Callahan
Date: Thu, 6 Oct 2022 12:26:16 -0400
Subject: [PATCH] Wings runs, have not tested if it can read/write
---
 selinux/wings.fc | 4 +++-
 selinux/wings.te | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/selinux/wings.fc b/selinux/wings.fc
index b2bf9d3..1969022 100644
--- a/selinux/wings.fc
+++ b/selinux/wings.fc
@@ -1,2 +1,4 @@
 /usr/local/bin/wings -- gen_context(system_u:object_r:wings_exec_t,s0)
-/etc/pterodactyl(/.*)? -- gen_context(system_u:object_r:wings_etc_t,s0)
\ No newline at end of file
+/etc/pterodactyl(/.*)? -- gen_context(system_u:object_r:wings_etc_t,s0)
+/var/lib/pterodactyl/volumes(/.*)? -- gen_context(system_u:object_r:container_file_t,s0)
+/var/lib/pterodactyl/mounts(/.*)? -- gen_context(system_u:object_r:container_file_t,s0)
\ No newline at end of file
diff --git a/selinux/wings.te b/selinux/wings.te
index 5597b56..2c15d71 100644
--- a/selinux/wings.te
+++ b/selinux/wings.te
@@ -18,7 +18,7 @@ permissive wings_t;
 #
 allow wings_t self:fifo_file rw_fifo_file_perms;
 allow wings_t self:unix_stream_socket create_stream_socket_perms;
-allow wings_exec_t:file execmod;
+allow wings_t wings_exec_t:file execmod;
 domain_use_interactive_fds(wings_t)
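Review bot: The two added entries carry the `--` file-type field, which restricts the match to regular files, so `restorecon` will leave the `volumes` and `mounts` directories and every subdirectory beneath them on their default label even though the `(/.*)?` pattern is written to cover the whole tree. Dropping the field labels directories as well: `/var/lib/pterodactyl/volumes(/.*)? gen_context(system_u:object_r:container_file_t,s0)` and the same for `mounts`; the existing `/etc/pterodactyl(/.*)?` line has the same form. Separately, `container_file_t` at plain `s0` carries no MCS categories, so presumably SELinux will not separate one server's volume from another container on the same host. A comment in the file should state whether that sharing is intended.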
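Review bot: The corrected rule `allow wings_t wings_exec_t:file execmod;` grants a memory-protection exemption without recording why it is needed. `execmod` lets the domain make executable a mapping of its own binary that has been modified, which is the check that normally flags text relocations or patched code. It should be backed by a logged AVC denial and a comment such as `# execmod on wings_exec_t: needed for <reason from audit log>; re-check before removing permissive`. The hunk header shows `permissive wings_t;` is still in effect, so the rule is not enforced yet, and a successful run does not show it is required. The policy section continues outside the hunk.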