| 1 |
commit: c00f2ff7e6e61e849bdf134a223341f393f12807 |
| 2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
| 3 |
AuthorDate: Wed Aug 31 15:03:49 2016 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Oct 3 06:15:43 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c00f2ff7 |
| 7 |
|
| 8 |
WIP virt: image type perms |
| 9 |
|
| 10 |
policy/modules/contrib/virt.te | 4 ++-- |
| 11 |
1 file changed, 2 insertions(+), 2 deletions(-) |
| 12 |
|
| 13 |
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te |
| 14 |
index df22d85..0dab948 100644 |
| 15 |
--- a/policy/modules/contrib/virt.te |
| 16 |
+++ b/policy/modules/contrib/virt.te |
| 17 |
@@ -530,9 +530,9 @@ manage_blk_files_pattern(virtd_t, virt_image_type, virt_image_type) |
| 18 |
manage_lnk_files_pattern(virtd_t, virt_image_type, virt_image_type) |
| 19 |
|
| 20 |
allow virtd_t virt_image_type:file relabel_file_perms; |
| 21 |
+allow virtd_t virt_image_type:dir { manage_dir_perms relabel_dir_perms }; |
| 22 |
allow virtd_t virt_image_type:blk_file relabel_blk_file_perms; |
| 23 |
allow virtd_t virt_image_type:chr_file relabel_chr_file_perms; |
| 24 |
-allow virtd_t virt_image_type:chr_file relabel_chr_file_perms; |
| 25 |
|
| 26 |
allow virtd_t virt_ptynode:chr_file rw_term_perms; |
| 27 |
|
| 28 |
@@ -572,7 +572,7 @@ manage_files_pattern(virtd_t, virtd_lxc_var_run_t, virtd_lxc_var_run_t) |
| 29 |
filetrans_pattern(virtd_t, virt_var_run_t, virtd_lxc_var_run_t, dir, "lxc") |
| 30 |
|
| 31 |
stream_connect_pattern(virtd_t, virtd_lxc_var_run_t, virtd_lxc_var_run_t, virtd_lxc_t) |
| 32 |
-stream_connect_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t, virt_domain) |
| 33 |
+stream_connect_pattern(virtd_t, { virt_image_type svirt_var_run_t }, svirt_var_run_t, virt_domain) |
| 34 |
stream_connect_pattern(virtd_t, virt_var_run_t, virtlockd_run_t, virtlockd_t) |
| 35 |
stream_connect_pattern(virtd_t, virt_var_run_t, virtlogd_run_t, virtlogd_t) |
Archives