From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 26 Mar 2012 20:55:18 +0200
Subject: [refpolicy] [PATCH 1/1] Allow virtd to read the selinux config
Message-ID: <20120326185518.GA24845@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The virt daemon uses libselinux for its SELinux support, which requires read access to /etc/selinux/config to read the
SELINUXTYPE setting (through the selinux_virtual_domain_context_path() call).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 virt.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/virt.te b/virt.te
index 3eca020..01c2197 100644
--- a/virt.te
+++ b/virt.te
@@ -286,6 +286,7 @@ modutils_manage_module_config(virtd_t)
 
 logging_send_syslog_msg(virtd_t)
 
+seutil_read_config(virtd_t)
 seutil_read_default_contexts(virtd_t)
 
 sysnet_domtrans_ifconfig(virtd_t)
-- 
1.7.3.4