virt: add boolean to allow evdev passthrough

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2020-12-27 20:09:09 -05:00
parent 03713214e2
commit fb377e0953
No known key found for this signature in database
GPG Key ID: 16DD27345D9905A7

View File

@ -78,6 +78,14 @@ gen_tunable(virt_use_xserver, false)
## </desc>
gen_tunable(virt_use_vfio, false)
## <desc>
## <p>
## Determine whether confined virtual guests
## can use input devices via evdev pass through.
## </p>
## </desc>
gen_tunable(virt_use_evdev, false)
attribute virt_ptynode;
attribute virt_domain;
attribute virt_image_type;
@ -448,6 +456,12 @@ tunable_policy(`virt_use_vfio',`
dev_rw_vfio_dev(svirt_t)
')
tunable_policy(`virt_use_evdev',`
# qemu uses IOCTLs 0x01, 0x06, 0x90, and potentially others
# see qemu:include/standard-headers/linux/input.h
dev_ioctl_input_dev(svirt_t)
')
########################################
#
# virtd local policy