1 |
commit: a81b9a9546a92414dba7d3e0b0adff0147611eba |
2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
3 |
AuthorDate: Thu Aug 11 05:49:02 2016 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Feb 27 11:32:41 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a81b9a95 |
7 |
|
8 |
virt: need to relabel to set categories |
9 |
|
10 |
libvirtError: unable to set security context |
11 |
'system_u:object_r:svirt_image_t:s0:c50,c346' on |
12 |
'/var/lib/libvirt/qemu/domain-1-zfstest': Permission denied |
13 |
|
14 |
policy/modules/contrib/virt.te | 1 + |
15 |
1 file changed, 1 insertion(+) |
16 |
|
17 |
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te |
18 |
index 42e68a29..3da04ef9 100644 |
19 |
--- a/policy/modules/contrib/virt.te |
20 |
+++ b/policy/modules/contrib/virt.te |
21 |
@@ -501,6 +501,7 @@ filetrans_pattern(virtd_t, virt_home_t, virt_content_t, dir, "isos") |
22 |
allow virtd_t virtd_keytab_t:file read_file_perms; |
23 |
|
24 |
allow virtd_t svirt_var_run_t:file relabel_file_perms; |
25 |
+allow virtd_t svirt_var_run_t:dir relabel_dir_perms; |
26 |
manage_dirs_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t) |
27 |
manage_files_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t) |
28 |
manage_sock_files_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t) |