nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #395 from jpds/libvirt/runtime-common

Browse Source
This commit is contained in:
Chris PeBenito 2021-07-16 09:39:42 -04:00
commit 21cbe732e4
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/services/virt.fc
View File

@ -58,6 +58,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t
/run/libguestfs(/.*)? gen_context(system_u:object_r:virt_runtime_t,s0)
/run/libvirtd\.pid -- gen_context(system_u:object_r:virt_runtime_t,s0)
/run/libvirt(/.*)? gen_context(system_u:object_r:virt_runtime_t,s0)
/run/libvirt/common(/.*)? gen_context(system_u:object_r:virt_common_runtime_t,s0)
/run/libvirt/lxc(/.*)? gen_context(system_u:object_r:virtd_lxc_runtime_t,s0)
/run/libvirt-sandbox(/.*)? gen_context(system_u:object_r:virtd_lxc_runtime_t,s0)
/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_runtime_t,s0-mls_systemhigh)

11
policy/modules/services/virt.te
View File

@ -129,6 +129,9 @@ type virt_image_t; # customizable
virt_image(virt_image_t)
files_mountpoint(virt_image_t)
type virt_common_runtime_t;
files_runtime_file(virt_common_runtime_t)
type virt_content_t; # customizable
virt_image(virt_content_t)
userdom_user_home_content(virt_content_t)
@ -577,6 +580,11 @@ manage_files_pattern(virtd_t, virt_runtime_t, virt_runtime_t)
manage_sock_files_pattern(virtd_t, virt_runtime_t, virt_runtime_t)
files_runtime_filetrans(virtd_t, virt_runtime_t, { file dir })
allow virtd_t virt_common_runtime_t:file append_file_perms;
manage_dirs_pattern(virtd_t, virt_common_runtime_t, virt_common_runtime_t)
manage_files_pattern(virtd_t, virt_common_runtime_t, virt_common_runtime_t)
filetrans_pattern(virtd_t, virt_runtime_t, virt_common_runtime_t, dir, "common")
manage_dirs_pattern(virtd_t, virtd_lxc_runtime_t, virtd_lxc_runtime_t)
manage_files_pattern(virtd_t, virtd_lxc_runtime_t, virtd_lxc_runtime_t)
filetrans_pattern(virtd_t, virt_runtime_t, virtd_lxc_runtime_t, dir, "lxc")
@ -1367,6 +1375,9 @@ manage_sock_files_pattern(virtlogd_t, virt_runtime_t, virtlogd_run_t)
filetrans_pattern(virtlogd_t, virt_runtime_t, virtlogd_run_t, sock_file)
files_runtime_filetrans(virtlogd_t, virtlogd_run_t, file)
allow virtlogd_t virt_common_runtime_t:file append_file_perms;
manage_files_pattern(virtlogd_t, virt_runtime_t, virt_common_runtime_t)
kernel_read_system_state(virtlogd_t)
files_read_etc_files(virtlogd_t)