From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 23 Apr 2012 10:40:57 -0400
Subject: [refpolicy] [PATCH 1/4] Adding default context rules for libvirt
In-Reply-To: <20120411183453.GB6229@siphos.be>
References: <20120411183017.GA6229@siphos.be> <20120411183453.GB6229@siphos.be>
Message-ID: <4F9569F9.4080604@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On 04/11/12 14:34, Sven Vermeulen wrote:
> The libvirt infrastructure requires the availability of the context files.
>
> In this patch, we add the defaults to the three predefined application
> contexts (mls/mcs/standard).
Merged.
> Signed-off-by: Sven Vermeulen
> ---
> Makefile | 2 +-
> config/appconfig-mcs/virtual_domain_context | 1 +
> config/appconfig-mcs/virtual_image_context | 2 ++
> config/appconfig-mls/virtual_domain_context | 1 +
> config/appconfig-mls/virtual_image_context | 2 ++
> config/appconfig-standard/virtual_domain_context | 1 +
> config/appconfig-standard/virtual_image_context | 2 ++
> 7 files changed, 10 insertions(+), 1 deletions(-)
> create mode 100644 config/appconfig-mcs/virtual_domain_context
> create mode 100644 config/appconfig-mcs/virtual_image_context
> create mode 100644 config/appconfig-mls/virtual_domain_context
> create mode 100644 config/appconfig-mls/virtual_image_context
> create mode 100644 config/appconfig-standard/virtual_domain_context
> create mode 100644 config/appconfig-standard/virtual_image_context
>
> diff --git a/Makefile b/Makefile
> index 5a43919..39a3d40 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -249,7 +249,7 @@ seusers := $(appconf)/seusers
> appdir := $(contextpath)
> user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
> user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
> -appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
> +appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
> net_contexts := $(builddir)net_contexts
>
> all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
> diff --git a/config/appconfig-mcs/virtual_domain_context b/config/appconfig-mcs/virtual_domain_context
> new file mode 100644
> index 0000000..d387b42
> --- /dev/null
> +++ b/config/appconfig-mcs/virtual_domain_context
> @@ -0,0 +1 @@
> +system_u:system_r:svirt_t:s0
> diff --git a/config/appconfig-mcs/virtual_image_context b/config/appconfig-mcs/virtual_image_context
> new file mode 100644
> index 0000000..8ab1e27
> --- /dev/null
> +++ b/config/appconfig-mcs/virtual_image_context
> @@ -0,0 +1,2 @@
> +system_u:object_r:svirt_image_t:s0
> +system_u:object_r:virt_content_t:s0
> diff --git a/config/appconfig-mls/virtual_domain_context b/config/appconfig-mls/virtual_domain_context
> new file mode 100644
> index 0000000..d387b42
> --- /dev/null
> +++ b/config/appconfig-mls/virtual_domain_context
> @@ -0,0 +1 @@
> +system_u:system_r:svirt_t:s0
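Review bot: `virtual_domain_context` and `virtual_image_context` are appended to `appfiles` unconditionally in the Makefile hunk, while the new files name `svirt_t`, `svirt_image_t` and `virt_content_t`, types that presumably exist only when the virtualization module is part of the built policy. If every `appfiles` entry is installed (the install rule is outside this hunk), a policy built without that module would ship context files naming undeclared types, and the mismatch would surface only when a consumer tries to use the context, not at build time. A comment above the assignment would record the dependency, for example `# virtual_*_context name types declared by the virt module; they are only valid when that module is built`.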
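Review bot: The mls `virtual_domain_context` is the same blob as the mcs one (both `d387b42`), so under MLS the default guest domain is pinned to the single level `s0`, and the commit message does not say whether that is intended. The same holds for the mls `virtual_image_context` in the following hunk, which shares blob `8ab1e27` with the mcs file. If the consumer is expected to substitute the level at run time, the description should say so; if not, an MLS site would want to know that every guest and image defaults to the lowest sensitivity. A sentence such as `MLS defaults are s0; see <documentation placeholder> for how the level is chosen per guest` in the commit message would be enough, assuming these files cannot carry comments.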
> diff --git a/config/appconfig-mls/virtual_image_context b/config/appconfig-mls/virtual_image_context
> new file mode 100644
> index 0000000..8ab1e27
> --- /dev/null
> +++ b/config/appconfig-mls/virtual_image_context
> @@ -0,0 +1,2 @@
> +system_u:object_r:svirt_image_t:s0
> +system_u:object_r:virt_content_t:s0
> diff --git a/config/appconfig-standard/virtual_domain_context b/config/appconfig-standard/virtual_domain_context
> new file mode 100644
> index 0000000..c049e10
> --- /dev/null
> +++ b/config/appconfig-standard/virtual_domain_context
> @@ -0,0 +1 @@
> +system_u:system_r:svirt_t
> diff --git a/config/appconfig-standard/virtual_image_context b/config/appconfig-standard/virtual_image_context
> new file mode 100644
> index 0000000..fca6046
> --- /dev/null
> +++ b/config/appconfig-standard/virtual_image_context
> @@ -0,0 +1,2 @@
> +system_u:object_r:svirt_image_t
> +system_u:object_r:virt_content_t
-- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com