From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 04 Sep 2012 21:08:34 +0200
Subject: [refpolicy] [PATCH 2/2] Declare a virtio port device type and label /dev/vport.* accordingly
In-Reply-To: <5046491F.1050505@redhat.com>
References: <1346434702-30274-1-git-send-email-dominick.grift@gmail.com> <1346434702-30274-3-git-send-email-dominick.grift@gmail.com> <5045D7D0.9030502@redhat.com> <1346763057.15262.28.camel@d30.localdomain> <5046491F.1050505@redhat.com>
Message-ID: <1346785714.15262.32.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2012-09-04 at 20:31 +0200, Miroslav Grepl wrote:
>
> /dev/vport[0-9]p[0-9]+ -c gen_context(system_u:object_r:virtio_device_t,s0)
>
> maybe it needs to be fixed.
>
> And then
>
> rhev.te:term_use_virtio_console(rhev_agentd_t)
> rhev.te: term_use_virtio_console(rhev_agentd_consolehelper_t)
> vdagent.te:term_use_virtio_console(vdagent_t)

Could you please create a patch for refpolicy that fixes this issue? I
would do it but I screwed up my refpolicy repository and can't undo it
right now because I am in the middle of a project.

But if you do, please double check the file context spec because I
suspect that it may not catch the interface. (I submitted this patch
because the device was mislabeled)

> >
> >> Also I think base access interfaces should be part of this patch?
> > I don't see that requirement. I also haven't encountered any process
> > trying to access it yet.
> >
>