[refpolicy] [PATCH 2/2] Declare a virtio port device type and label /dev/vport.* accordingly

Miroslav Grepl mgrepl at redhat.com
Tue Sep 4 05:28:32 CDT 2012


On 08/31/2012 07:38 PM, Dominick Grift wrote:
> Signed-off-by: Dominick Grift <dominick.grift at gmail.com>
> ---
>   policy/modules/kernel/devices.fc | 1 +
>   policy/modules/kernel/devices.te | 3 +++
>   2 files changed, 4 insertions(+)
>
> diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
> index 5214c08..94505c4 100644
> --- a/policy/modules/kernel/devices.fc
> +++ b/policy/modules/kernel/devices.fc
> @@ -124,6 +124,7 @@ ifdef(`distro_suse', `
>   /dev/vmmon		-c	gen_context(system_u:object_r:vmware_device_t,s0)
>   /dev/vmnet.*		-c	gen_context(system_u:object_r:vmware_device_t,s0)
>   /dev/video.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
> +/dev/vport.*		-c	gen_context(system_u:object_r:virtio_device_t,s0)
>   /dev/vrtpanel		-c	gen_context(system_u:object_r:mouse_device_t,s0)
>   /dev/vttuner		-c	gen_context(system_u:object_r:v4l_device_t,s0)
>   /dev/vtx.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
> diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
> index 99fe460..52c535d 100644
> --- a/policy/modules/kernel/devices.te
> +++ b/policy/modules/kernel/devices.te
> @@ -272,6 +272,9 @@ dev_node(v4l_device_t)
>   type vhost_device_t;
>   dev_node(vhost_device_t)
>   
> +type virtio_device_t;
> +dev_node(virtio_device_t)
> +
>   # Type for vmware devices.
>   type vmware_device_t;
>   dev_node(vmware_device_t)
We declare it in terminal.* policy files.

Also I think base access interfaces should be part of this patch?


More information about the refpolicy mailing list