RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

virt: allow lvm_control access 

type=AVC msg=audit(1563034372.505:40675): avc:  denied  { read write } for  pid=64033 comm="libvirtd" name="control" dev="devtmpfs" ino=1273 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file permissive=0
type=SYSCALL msg=audit(1563034372.505:40675): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ff9a09cd180 a2=2 a3=0 items=1 ppid=1 pid=64033 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="libvirtd" exe="/usr/sbin/libvirtd" subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 key=(null)
type=CWD msg=audit(1563034372.505:40675): cwd="/"
type=PATH msg=audit(1563034372.505:40675): item=0 name="/dev/mapper/control" inode=1273 dev=00:06 mode=020600 ouid=0 ogid=0 rdev=0a:ec obj=system_u:object_r:lvm_control_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0

Signed-off-by: Jason Zaman <jason@perfinion.com>
This commit is contained in:
Jason Zaman 2019-12-24 18:10:43 +08:00 committed by Chris PeBenito
parent 17f644c625
commit 66d7d802da
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/services/virt.te
View File

@ -622,6 +622,7 @@ dev_rw_sysfs(virtd_t)
dev_read_urand(virtd_t) dev_read_urand(virtd_t)
dev_read_rand(virtd_t) dev_read_rand(virtd_t)
dev_rw_kvm(virtd_t) dev_rw_kvm(virtd_t)
dev_rw_lvm_control(virtd_t)
dev_getattr_all_chr_files(virtd_t) dev_getattr_all_chr_files(virtd_t)
dev_rw_mtrr(virtd_t) dev_rw_mtrr(virtd_t)
dev_rw_vhost(virtd_t) dev_rw_vhost(virtd_t)