From: <rc...@li...> - 2011-06-06 13:17:32
|
From: Ramon de Carvalho Valle <rc...@br...> This is required to allow libvirt to relabel disk image files created by KVM Audit Test. Signed-off-by: Ramon de Carvalho Valle <rc...@br...> --- audit/utils/selinux-policy/lspp_test.te | 13 ++++++++++++- 1 files changed, 12 insertions(+), 1 deletions(-) diff --git a/audit/utils/selinux-policy/lspp_test.te b/audit/utils/selinux-policy/lspp_test.te index 0a6b07b..f8aa2a9 100644 --- a/audit/utils/selinux-policy/lspp_test.te +++ b/audit/utils/selinux-policy/lspp_test.te @@ -43,7 +43,7 @@ gen_require(` # attributes attribute domain; # domains - type auditd_t, inetd_t, initrc_t, passwd_t; + type auditd_t, inetd_t, initrc_t, passwd_t, virtd_t, default_t; # objects type auditd_log_t, sysadm_lpr_t, ipsec_spd_t; ') @@ -254,6 +254,17 @@ domain_auto_trans(lspp_harness_t,lspp_test_generic_exec_t,lspp_test_generic_t) unconfined_domain_noaudit(lspp_test_generic_t) ## +# virtualisation domain +# + +# allow libvirt to create, read, write, delete, and relabel files with the +# default file type. +files_manage_default_dirs(virtd_t) +files_manage_default_files(virtd_t) +relabel_dirs_pattern(virtd_t, default_t, default_t) +relabel_files_pattern(virtd_t, default_t, default_t) + +## # netlabel test domain # -- 1.7.1 |