From 73e136cbc13f309938db781f60be49f7fbcdd765 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Fri, 27 Apr 2018 12:15:10 -0400
Subject: [PATCH] SELinux: add yet more rules for svirt for libvirt support

Non-privileged mode needs another rule and on Fedora 27 we need a swtpm_exec_t related rule we did not need on Fedora 23.

Signed-off-by: Stefan Berger
---
 src/selinux/swtpm_svirt.te | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/selinux/swtpm_svirt.te b/src/selinux/swtpm_svirt.te
index 75a25cf..5c255e9 100644
--- a/src/selinux/swtpm_svirt.te
+++ b/src/selinux/swtpm_svirt.te
@@ -4,12 +4,16 @@ require {
 type svirt_t;
 type swtpm_exec_t;
 type virtd_t;
+ type user_tmp_t;
 class file { entrypoint };
 class process sigchld;
 class fifo_file write;
+ class sock_file { create setattr };
 }
 #============= svirt_t ==============
 allow svirt_t virtd_t:fifo_file write;
 allow svirt_t virtd_t:process sigchld;
+allow svirt_t user_tmp_t:sock_file { create setattr };
+allow svirt_t swtpm_exec_t:file entrypoint;
\ No newline at end of file
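Review bot: The two `allow` rules added at the end of the hunk are granted to `svirt_t` as a whole, so every process confined in that domain (not only swtpm) gains `create`/`setattr` on `user_tmp_t` socket files and may be entered through `swtpm_exec_t`, and the policy file has no comment saying why. The reasons given in the commit message belong next to the rules, for example `# non-privileged mode: socket is created in a user_tmp_t directory` above the `sock_file` rule and `# needed on Fedora 27, was not needed on Fedora 23` above the `entrypoint` rule (exact wording for the author to confirm). If swtpm also removes that socket on shutdown, `unlink` is not covered here, so it is worth checking the audit log for further AVC denials in non-privileged mode. The new last line also drops the trailing newline the file had before (`\ No newline at end of file`), which should be restored.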