From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 20 Apr 2012 16:38:06 -0400
Subject: [refpolicy] [PATCH 1/1] Allow virtd to read the selinux config
In-Reply-To: <20120326185518.GA24845@siphos.be>
References: <20120326185518.GA24845@siphos.be>
Message-ID: <4F91C92E.5020208@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/26/12 14:55, Sven Vermeulen wrote:
> The virt daemon uses libselinux for its SELinux support, which requires read access to /etc/selinux/config to read the
> SELINUXTYPE setting (through the selinux_virtual_domain_context_path() call).
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  virt.te |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/virt.te b/virt.te
> index 3eca020..01c2197 100644
> --- a/virt.te
> +++ b/virt.te
> @@ -286,6 +286,7 @@ modutils_manage_module_config(virtd_t)
>  
>  logging_send_syslog_msg(virtd_t)
>  
> +seutil_read_config(virtd_t)
>  seutil_read_default_contexts(virtd_t)
>  
>  sysnet_domtrans_ifconfig(virtd_t)

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com