SELinux: Add rule for passing pass phrase via file descriptor

Add a rule so we can pass a passphrase from libvirt to swtpm using a file descriptor. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2026-02-05 22:54:09 +00:00 · 2019-07-12 12:04:26 -04:00 · 2019-07-12 12:04:26 -04:00 · 30e12eae27
commit 30e12eae27
parent 0db8249cf1
1 changed files with 1 additions and 1 deletions
--- a/src/selinux/swtpm_svirt.te
+++ b/src/selinux/swtpm_svirt.te
@ -20,7 +20,7 @@ allow svirt_t swtpm_exec_t:file { entrypoint map };
 # libvirt specific rules needed on F28
 allow svirt_t virtd_t:unix_stream_socket { read write getopt getattr accept };

-allow svirt_tcg_t virtd_t:fifo_file write;
+allow svirt_tcg_t virtd_t:fifo_file { write read };
 allow svirt_tcg_t virt_var_run_t:sock_file { create setattr };
 allow svirt_tcg_t virt_var_run_t:file { create open read write };
 allow svirt_tcg_t virt_var_run_t:dir { write add_name remove_name };