SELinux: Add rules for sock_file on user_tmp_t

The following command line did not function on an x86_64 host due to missing SELinux rules: virt-install -v \ --name fedora-38-aarch64 \ --ram 4096 \ --disk path=fedora-38.img,cache=none \ --nographics \ --os-variant fedora38 \ --import \ --virt-type=qemu \ --arch aarch64 \ --check all=off Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2228423 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2025-08-22 10:30:52 +00:00 · 2023-08-11 17:23:33 -04:00 · 2023-08-11 17:23:33 -04:00 · 7dac1dbf6f
commit 7dac1dbf6f
parent f732f489c2
1 changed files with 1 additions and 0 deletions
--- a/src/selinux/swtpm_svirt.te
+++ b/src/selinux/swtpm_svirt.te
@ -29,5 +29,6 @@ allow svirt_tcg_t virt_var_run_t:sock_file { create setattr };
 allow svirt_tcg_t virt_var_run_t:file { create getattr open read unlink write };
 allow svirt_tcg_t virt_var_run_t:dir { write add_name remove_name };
 allow svirt_tcg_t swtpm_exec_t:file { entrypoint map };
+allow svirt_tcg_t user_tmp_t:sock_file { create setattr };
 # libvirt specific rules needed on F28
 allow svirt_tcg_t virtd_t:unix_stream_socket { read write getopt getattr accept };