[refpolicy] [PATCH 2/4] Let libvirt write its own tmp files (and execute them)

Wed Apr 11 13:35:25 CDT 2012

During startup of guests, libvirt needs to create temporary files and execute them (part of setting up the necessary
environment of the guests).

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 virt.te |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/virt.te b/virt.te
index 3eca020..a427c3f 100644
--- a/virt.te
+++ b/virt.te
@@ -74,6 +74,9 @@ userdom_user_home_content(virt_content_t)
 type virt_log_t;
 logging_log_file(virt_log_t)
 
+type virt_tmp_t;
+files_tmp_file(virt_tmp_t)
+
 type virt_var_run_t;
 files_pid_file(virt_var_run_t)
 
@@ -207,6 +210,11 @@ manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
 manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
 logging_log_filetrans(virtd_t, virt_log_t, { file dir })
 
+manage_dirs_pattern(virtd_t, virt_tmp_t, virt_tmp_t)
+manage_files_pattern(virtd_t, virt_tmp_t, virt_tmp_t)
+files_tmp_filetrans(virtd_t, virt_tmp_t, { file dir })
+can_exec(virtd_t, virt_tmp_t)
+
 manage_dirs_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
 manage_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
 manage_sock_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
-- 
1.7.3.4

