From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 11 Apr 2012 20:35:25 +0200 Subject: [refpolicy] [PATCH 2/4] Let libvirt write its own tmp files (and execute them) In-Reply-To: <20120411183017.GA6229@siphos.be> References: <20120411183017.GA6229@siphos.be> Message-ID: <20120411183524.GC6229@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com During startup of guests, libvirt needs to create temporary files and execute them (part of setting up the necessary environment of the guests). Signed-off-by: Sven Vermeulen --- virt.te | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) diff --git a/virt.te b/virt.te index 3eca020..a427c3f 100644 --- a/virt.te +++ b/virt.te @@ -74,6 +74,9 @@ userdom_user_home_content(virt_content_t) type virt_log_t; logging_log_file(virt_log_t) +type virt_tmp_t; +files_tmp_file(virt_tmp_t) + type virt_var_run_t; files_pid_file(virt_var_run_t) @@ -207,6 +210,11 @@ manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t) manage_files_pattern(virtd_t, virt_log_t, virt_log_t) logging_log_filetrans(virtd_t, virt_log_t, { file dir }) +manage_dirs_pattern(virtd_t, virt_tmp_t, virt_tmp_t) +manage_files_pattern(virtd_t, virt_tmp_t, virt_tmp_t) +files_tmp_filetrans(virtd_t, virt_tmp_t, { file dir }) +can_exec(virtd_t, virt_tmp_t) + manage_dirs_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t) manage_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t) manage_sock_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t) -- 1.7.3.4
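Review bot: In the second hunk (@@ -207,6 +210,11 @@), can_exec(virtd_t, virt_tmp_t) sits directly beside manage_files_pattern(virtd_t, virt_tmp_t, virt_tmp_t), so virtd_t can create, modify and then execute files of the same type. can_exec grants execution without a domain transition, which means anything virtd_t writes under virt_tmp_t runs with virtd_t's own permissions. The commit message says only that temporary files are executed as part of setting up the guest environment. Please name what is executed, either in the message or in a comment above the can_exec line, so the rule can be audited later. Also consider whether execute can be narrowed, for example by giving the executed file its own type or placing the rule behind a tunable, rather than granting it on every file and directory covered by files_tmp_filetrans(virtd_t, virt_tmp_t, { file dir }).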