From ca6fefc3c899a39a95402a82e2beda6cb5a98aa9 Mon Sep 17 00:00:00 2001
From: Laurent Bigonville
Date: Fri, 19 Feb 2016 16:43:10 +0100
Subject: [PATCH] Add lxc_contexts config file selinux_lxc_contexts_path() function in upstream libselinux points to this config file. It is ATM used by libvirt. The file from Fedora also contains sandbox_lxc_process and sandbox_kvm_process parameters, but I cannot find where they are used, keep them out of the file for the time being.
---
 Makefile | 2 +-
 config/appconfig-mcs/lxc_contexts | 3 +++
 config/appconfig-mls/lxc_contexts | 3 +++
 config/appconfig-standard/lxc_contexts | 3 +++
 4 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 config/appconfig-mcs/lxc_contexts
 create mode 100644 config/appconfig-mls/lxc_contexts
 create mode 100644 config/appconfig-standard/lxc_contexts
diff --git a/Makefile b/Makefile
index f651e400b..e5d8583e1 100644
--- a/Makefile
+++ b/Makefile
@@ -250,7 +250,7 @@ seusers := $(appconf)/seusers
 appdir := $(contextpath)
 user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
 user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
-appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
+appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types lxc_contexts virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
 net_contexts := $(builddir)net_contexts
 all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
diff --git a/config/appconfig-mcs/lxc_contexts b/config/appconfig-mcs/lxc_contexts
new file mode 100644
index 000000000..bf3fcc1a4
--- /dev/null
+++ b/config/appconfig-mcs/lxc_contexts
@@ -0,0 +1,3 @@
+process = "system_u:system_r:svirt_lxc_net_t:s0"
+content = "system_u:object_r:virt_var_lib_t:s0"
+file = "system_u:object_r:svirt_lxc_file_t:s0"
diff --git a/config/appconfig-mls/lxc_contexts b/config/appconfig-mls/lxc_contexts
new file mode 100644
index 000000000..bf3fcc1a4
--- /dev/null
+++ b/config/appconfig-mls/lxc_contexts
@@ -0,0 +1,3 @@
+process = "system_u:system_r:svirt_lxc_net_t:s0"
+content = "system_u:object_r:virt_var_lib_t:s0"
+file = "system_u:object_r:svirt_lxc_file_t:s0"
diff --git a/config/appconfig-standard/lxc_contexts b/config/appconfig-standard/lxc_contexts
new file mode 100644
index 000000000..b386c6ad4
--- /dev/null
+++ b/config/appconfig-standard/lxc_contexts
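Review bot: Nothing in the new appconfig-mcs file, or in the identical appconfig-mls copy and the appconfig-standard variant, records which policy module has to be loaded for `svirt_lxc_net_t`, `virt_var_lib_t` and `svirt_lxc_file_t` to exist, while the Makefile hunk adds `lxc_contexts` to `appfiles` unconditionally. If the file is installed on a system whose policy lacks those types (presumably the virt module), a consumer such as libvirt would be handed labels that cannot be applied, so it is worth confirming that container start-up then fails closed rather than running unlabelled. The `process` line also makes the `_net_` variant the default container domain without a stated reason; the commit message explains the omitted `sandbox_*` keys but not this choice. Provided the consuming parser accepts `#` comments (to be confirmed), a header such as `# Default LXC labels, located through selinux_lxc_contexts_path(); types are defined by the virt policy module` would cover both points.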
@@ -0,0 +1,3 @@
+process = "system_u:system_r:svirt_lxc_net_t"
+content = "system_u:object_r:virt_var_lib_t"
+file = "system_u:object_r:svirt_lxc_file_t"
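Review bot: The three contexts in the appconfig-standard variant carry no level field, so under this policy type every container started from these defaults gets the same process and file label and nothing in the label separates one container from another. With the mcs and mls files a consumer can in principle extend `s0` with distinct categories per container; whether libvirt does so is not visible in this patch. That difference deserves a line of documentation, for example `# no MCS/MLS level in this policy type: containers are separated by type enforcement only`, if the consuming parser accepts comments.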