[refpolicy] [PATCH 4/4] libvirt use of qemu requires re-exec of qemu
Christopher J. PeBenito
cpebenito at tresys.com
Mon Apr 23 09:41:12 CDT 2012
On 04/11/12 14:36, Sven Vermeulen wrote:
> When using libvirt as the virtualization framework, using qemu as the virtualization environment itself, launching guests
> requires the qemu domain to have exec rights on its own binaries.
Merged.
> Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
> ---
> qemu.te | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/qemu.te b/qemu.te
> index 9cf9992..0bbccb5 100644
> --- a/qemu.te
> +++ b/qemu.te
> @@ -50,6 +50,8 @@ role system_r types qemu_t;
> # qemu local policy
> #
>
> +can_exec(qemu_t, qemu_exec_t)
> +
> storage_raw_write_removable_device(qemu_t)
> storage_raw_read_removable_device(qemu_t)
>
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list