From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 23 Apr 2012 10:41:01 -0400 Subject: [refpolicy] [PATCH 2/4] Let libvirt write its own tmp files (and execute them) In-Reply-To: <20120411183524.GC6229@siphos.be> References: <20120411183017.GA6229@siphos.be> <20120411183524.GC6229@siphos.be> Message-ID: <4F9569FD.6050004@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 04/11/12 14:35, Sven Vermeulen wrote: > During startup of guests, libvirt needs to create temporary files and execute them (part of setting up the necessary > environment of the guests). Merged. > Signed-off-by: Sven Vermeulen > --- > virt.te | 8 ++++++++ > 1 files changed, 8 insertions(+), 0 deletions(-) > > diff --git a/virt.te b/virt.te > index 3eca020..a427c3f 100644 > --- a/virt.te > +++ b/virt.te > @@ -74,6 +74,9 @@ userdom_user_home_content(virt_content_t) > type virt_log_t; > logging_log_file(virt_log_t) > > +type virt_tmp_t; > +files_tmp_file(virt_tmp_t) > + > type virt_var_run_t; > files_pid_file(virt_var_run_t) > > @@ -207,6 +210,11 @@ manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t) > manage_files_pattern(virtd_t, virt_log_t, virt_log_t) > logging_log_filetrans(virtd_t, virt_log_t, { file dir }) > > +manage_dirs_pattern(virtd_t, virt_tmp_t, virt_tmp_t) > +manage_files_pattern(virtd_t, virt_tmp_t, virt_tmp_t) > +files_tmp_filetrans(virtd_t, virt_tmp_t, { file dir }) > +can_exec(virtd_t, virt_tmp_t) > + > manage_dirs_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t) > manage_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t) > manage_sock_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
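Review bot: the `type virt_tmp_t;` declaration in the first hunk (virt.te, after `logging_log_file(virt_log_t)`) has no comment saying that this type holds files virtd_t both creates and executes. The name alone reads like an ordinary scratch-file type. A one-line comment above the declaration, pointing at the guest-startup use described in the commit message, would tell later readers why the second hunk grants execute access on it. The diffstat shows only virt.te changed, so nothing else in the patch documents the type.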
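Review bot: in the second hunk, `can_exec(virtd_t, virt_tmp_t)` sits next to `manage_files_pattern(virtd_t, virt_tmp_t, virt_tmp_t)`, so virtd_t can write and then execute files of the same type, and can_exec runs them in virtd_t itself with no domain transition. Because `files_tmp_filetrans(virtd_t, virt_tmp_t, { file dir })` applies to every file and directory virtd_t creates in the tmp directory, the execute permission covers all of its temporary files, not only the guest-setup files the commit message mentions. Consider either a separate type for the files that are meant to be executed, leaving virt_tmp_t without execute access, or at least a comment on the can_exec line stating which files need it and why.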