SELinux: add yet more rules for svirt for libvirt support

Non-privileged mode needs another rule and on Fedora 27 we need
a swtpm_exec_t related rule we did not need on Fedora 23.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger 2018-04-27 12:15:10 -04:00
parent a6780589b4
commit 73e136cbc1


@ -4,12 +4,16 @@ require {
type svirt_t;
type swtpm_exec_t;
type virtd_t;
type user_tmp_t;
class file { entrypoint };
class process sigchld;
class fifo_file write;
class sock_file { create setattr };
}
#============= svirt_t ==============
allow svirt_t virtd_t:fifo_file write;
allow svirt_t virtd_t:process sigchld;
allow svirt_t user_tmp_t:sock_file { create setattr };
allow svirt_t swtpm_exec_t:file entrypoint;
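Review bot: The two rules the commit message describes, `allow svirt_t user_tmp_t:sock_file { create setattr };` and `allow svirt_t swtpm_exec_t:file entrypoint;`, are granted to svirt_t as a whole, so every process confined in that domain gains them rather than only the swtpm instance libvirt starts, and nothing in the file records why each is needed. I would add a comment above each, for example `# non-privileged libvirt: socket is created in a user_tmp_t directory (confirm path)` and `# Fedora 27: swtpm_exec_t must be a valid entrypoint into svirt_t`, so a later audit can tell which rule to drop once a platform no longer requires it. user_tmp_t is the generic label for user temporary files, so it is worth checking whether the socket could live in a directory with a more specific type, or whether swtpm could run in its own domain instead of widening svirt_t; neither can be judged from this hunk alone. The page has lost its +/- markers, so which of the visible lines are new is inferred from the commit message.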