Created
June 4, 2021 14:25
-
-
Save tormath1/0a9413e701c3a8f97a2b1e6ad127b126 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- services/virt.te | |
| +++ services/virt.te | |
| @@ -1377,3 +1377,31 @@ sysnet_dns_name_resolve(virtlogd_t) | |
| virt_manage_log(virtlogd_t) | |
| virt_read_config(virtlogd_t) | |
| + | |
| +require { | |
| + type kernel_t; | |
| + type tmpfs_t; | |
| + type var_lib_t; | |
| +} | |
| +allow kernel_t svirt_lxc_net_t:process transition; | |
| +fs_manage_tmpfs_chr_files(svirt_lxc_net_t) | |
| +fs_manage_tmpfs_dirs(svirt_lxc_net_t) | |
| +fs_manage_tmpfs_files(svirt_lxc_net_t) | |
| +fs_manage_tmpfs_sockets(svirt_lxc_net_t) | |
| +fs_manage_tmpfs_symlinks(svirt_lxc_net_t) | |
| +fs_remount_tmpfs(svirt_lxc_net_t) | |
| +kernel_read_messages(svirt_lxc_net_t) | |
| +kernel_sigchld(svirt_lxc_net_t) | |
| +kernel_use_fds(svirt_lxc_net_t) | |
| +allow svirt_lxc_net_t self:process getcap; | |
| +files_read_var_lib_files(svirt_lxc_net_t) | |
| +files_read_var_lib_symlinks(svirt_lxc_net_t) | |
| +term_use_generic_ptys(svirt_lxc_net_t) | |
| +term_setattr_generic_ptys(svirt_lxc_net_t) | |
| +allow svirt_lxc_net_t tmpfs_t:chr_file { read write open }; | |
| +allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { manage_file_perms }; | |
| +allow svirt_lxc_net_t self:capability sys_chroot; | |
| +allow svirt_lxc_net_t self:process getpgid; | |
| +allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton }; | |
| +allow svirt_lxc_net_t var_lib_t:file { entrypoint execute execute_no_trans }; | |
| +allow svirt_lxc_net_t kernel_t:fifo_file { getattr ioctl read write open append }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment