[refpolicy] [PATCH 1/4] Adding default context rules for libvirt
Christopher J. PeBenito
cpebenito at tresys.com
Mon Apr 23 09:40:57 CDT 2012
On 04/11/12 14:34, Sven Vermeulen wrote:
> The libvirt infrastructure requires the availability of the context files.
>
> In this patch, we add the defaults to the three predefined application
> contexts (mls/mcs/standard).
Merged.
> Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
> ---
> Makefile | 2 +-
> config/appconfig-mcs/virtual_domain_context | 1 +
> config/appconfig-mcs/virtual_image_context | 2 ++
> config/appconfig-mls/virtual_domain_context | 1 +
> config/appconfig-mls/virtual_image_context | 2 ++
> config/appconfig-standard/virtual_domain_context | 1 +
> config/appconfig-standard/virtual_image_context | 2 ++
> 7 files changed, 10 insertions(+), 1 deletions(-)
> create mode 100644 config/appconfig-mcs/virtual_domain_context
> create mode 100644 config/appconfig-mcs/virtual_image_context
> create mode 100644 config/appconfig-mls/virtual_domain_context
> create mode 100644 config/appconfig-mls/virtual_image_context
> create mode 100644 config/appconfig-standard/virtual_domain_context
> create mode 100644 config/appconfig-standard/virtual_image_context
>
> diff --git a/Makefile b/Makefile
> index 5a43919..39a3d40 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -249,7 +249,7 @@ seusers := $(appconf)/seusers
> appdir := $(contextpath)
> user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
> user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
> -appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
> +appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
> net_contexts := $(builddir)net_contexts
>
> all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
> diff --git a/config/appconfig-mcs/virtual_domain_context b/config/appconfig-mcs/virtual_domain_context
> new file mode 100644
> index 0000000..d387b42
> --- /dev/null
> +++ b/config/appconfig-mcs/virtual_domain_context
> @@ -0,0 +1 @@
> +system_u:system_r:svirt_t:s0
> diff --git a/config/appconfig-mcs/virtual_image_context b/config/appconfig-mcs/virtual_image_context
> new file mode 100644
> index 0000000..8ab1e27
> --- /dev/null
> +++ b/config/appconfig-mcs/virtual_image_context
> @@ -0,0 +1,2 @@
> +system_u:object_r:svirt_image_t:s0
> +system_u:object_r:virt_content_t:s0
> diff --git a/config/appconfig-mls/virtual_domain_context b/config/appconfig-mls/virtual_domain_context
> new file mode 100644
> index 0000000..d387b42
> --- /dev/null
> +++ b/config/appconfig-mls/virtual_domain_context
> @@ -0,0 +1 @@
> +system_u:system_r:svirt_t:s0
> diff --git a/config/appconfig-mls/virtual_image_context b/config/appconfig-mls/virtual_image_context
> new file mode 100644
> index 0000000..8ab1e27
> --- /dev/null
> +++ b/config/appconfig-mls/virtual_image_context
> @@ -0,0 +1,2 @@
> +system_u:object_r:svirt_image_t:s0
> +system_u:object_r:virt_content_t:s0
> diff --git a/config/appconfig-standard/virtual_domain_context b/config/appconfig-standard/virtual_domain_context
> new file mode 100644
> index 0000000..c049e10
> --- /dev/null
> +++ b/config/appconfig-standard/virtual_domain_context
> @@ -0,0 +1 @@
> +system_u:system_r:svirt_t
> diff --git a/config/appconfig-standard/virtual_image_context b/config/appconfig-standard/virtual_image_context
> new file mode 100644
> index 0000000..fca6046
> --- /dev/null
> +++ b/config/appconfig-standard/virtual_image_context
> @@ -0,0 +1,2 @@
> +system_u:object_r:svirt_image_t
> +system_u:object_r:virt_content_t
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list