From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 11 Apr 2012 20:34:53 +0200
Subject: [refpolicy] [PATCH 1/4] Adding default context rules for libvirt
In-Reply-To: <20120411183017.GA6229@siphos.be>
References: <20120411183017.GA6229@siphos.be>
Message-ID: <20120411183453.GB6229@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
The libvirt infrastructure requires the availability of the context files. In this patch, we add the defaults to the three predefined application contexts (mls/mcs/standard).
Signed-off-by: Sven Vermeulen
---
 Makefile | 2 +-
 config/appconfig-mcs/virtual_domain_context | 1 +
 config/appconfig-mcs/virtual_image_context | 2 ++
 config/appconfig-mls/virtual_domain_context | 1 +
 config/appconfig-mls/virtual_image_context | 2 ++
 config/appconfig-standard/virtual_domain_context | 1 +
 config/appconfig-standard/virtual_image_context | 2 ++
 7 files changed, 10 insertions(+), 1 deletions(-)
 create mode 100644 config/appconfig-mcs/virtual_domain_context
 create mode 100644 config/appconfig-mcs/virtual_image_context
 create mode 100644 config/appconfig-mls/virtual_domain_context
 create mode 100644 config/appconfig-mls/virtual_image_context
 create mode 100644 config/appconfig-standard/virtual_domain_context
 create mode 100644 config/appconfig-standard/virtual_image_context
diff --git a/Makefile b/Makefile
index 5a43919..39a3d40 100644
--- a/Makefile
+++ b/Makefile
@@ -249,7 +249,7 @@ seusers := $(appconf)/seusers
 appdir := $(contextpath)
 user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
 user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
-appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
+appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
 net_contexts := $(builddir)net_contexts
 all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
diff --git a/config/appconfig-mcs/virtual_domain_context b/config/appconfig-mcs/virtual_domain_context
new file mode 100644
index 0000000..d387b42
--- /dev/null
+++ b/config/appconfig-mcs/virtual_domain_context
@@ -0,0 +1 @@
+system_u:system_r:svirt_t:s0
diff --git a/config/appconfig-mcs/virtual_image_context b/config/appconfig-mcs/virtual_image_context
new file mode 100644
index 0000000..8ab1e27
--- /dev/null
+++ b/config/appconfig-mcs/virtual_image_context
@@ -0,0 +1,2 @@
+system_u:object_r:svirt_image_t:s0
+system_u:object_r:virt_content_t:s0
diff --git a/config/appconfig-mls/virtual_domain_context b/config/appconfig-mls/virtual_domain_context
new file mode 100644
index 0000000..d387b42
--- /dev/null
+++ b/config/appconfig-mls/virtual_domain_context
@@ -0,0 +1 @@
+system_u:system_r:svirt_t:s0
diff --git a/config/appconfig-mls/virtual_image_context b/config/appconfig-mls/virtual_image_context
new file mode 100644
index 0000000..8ab1e27
--- /dev/null
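Review bot: The two names added to `appfiles` in the Makefile hunk carry no hint that `virtual_domain_context` and `virtual_image_context` name types (`svirt_t`, `svirt_image_t`, `virt_content_t`) which presumably come from the virt policy module. The assignment is unconditional, so a policy built without that module would likely still ship both files, and libvirt would then read labels the loaded policy does not define; the resulting labelling failure is hard to trace back to this list. A short comment above the assignment would help, for example `# virtual_*_context are read by libvirt through libselinux; the types they name require the virt module`. The install rule that consumes `appfiles` is outside the hunk, so whether it could skip these files per module cannot be judged from here.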
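Review bot: The `config/appconfig-mls/virtual_domain_context` default is the same blob as the MCS one (`d387b42` in both index lines), so under an MLS policy guests default to `system_u:system_r:svirt_t:s0`, the lowest sensitivity and no range. The same holds for `config/appconfig-mls/virtual_image_context` (`8ab1e27` in both), which labels images `svirt_image_t:s0` and `virt_content_t:s0`. That may well be intended, but the description only says defaults are added for mls/mcs/standard and does not say why MLS reuses the MCS value. If it is the intent, a sentence in the commit message such as `MLS uses s0 as the default level; guests at other levels need an explicit label` would record the decision for whoever audits the MLS configuration later.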
+++ b/config/appconfig-mls/virtual_image_context
@@ -0,0 +1,2 @@
+system_u:object_r:svirt_image_t:s0
+system_u:object_r:virt_content_t:s0
diff --git a/config/appconfig-standard/virtual_domain_context b/config/appconfig-standard/virtual_domain_context
new file mode 100644
index 0000000..c049e10
--- /dev/null
+++ b/config/appconfig-standard/virtual_domain_context
@@ -0,0 +1 @@
+system_u:system_r:svirt_t
diff --git a/config/appconfig-standard/virtual_image_context b/config/appconfig-standard/virtual_image_context
new file mode 100644
index 0000000..fca6046
--- /dev/null
+++ b/config/appconfig-standard/virtual_image_context
@@ -0,0 +1,2 @@
+system_u:object_r:svirt_image_t
+system_u:object_r:virt_content_t
-- 
1.7.3.4