k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/jobs/e2e_node/crio/templates/base/kubelet-e2e.te (about) 1 2 module kubelet-e2e 1.0; 3 4 require { 5 type iptables_t; 6 type cgroup_t; 7 type user_tmp_t; 8 type init_t; 9 type container_t; 10 class dir { ioctl create open write }; 11 class file { append create lock map open read rename unlink write }; 12 } 13 14 #============= init_t ============== 15 allow init_t user_tmp_t:file { append create lock map open read rename unlink write }; 16 17 #============= container_t ============== 18 allow container_t user_tmp_t:dir { create open write }; 19 20 #============= iptables_t ============== 21 allow iptables_t cgroup_t:dir ioctl;