[refpolicy] [PATCH v2 2/2] virt: Allow creating qemu guest agent socket

Dominick Grift dac.override at gmail.com
Sat Sep 5 15:28:37 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sat, Sep 05, 2015 at 09:43:49PM +0800, Jason Zaman wrote:
> This is needed for the host side guest agent socket for qemu.
> 
> type=AVC msg=audit(1441210375.086:110241): avc:  denied  { create } for
> pid=25153 comm="libvirtd"
> scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:svirt_t:s0:c110,c185
> tclass=unix_stream_socket permissive=0

Thanks, merged

> ---
>  virt.te | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/virt.te b/virt.te
> index ccc83a2..efb0096 100644
> --- a/virt.te
> +++ b/virt.te
> @@ -465,7 +465,7 @@ allow virtd_t self:netlink_route_socket nlmsg_write;
>  allow virtd_t virt_domain:process { getattr getsched setsched transition signal signull sigkill };
>  dontaudit virtd_t virt_domain:process { siginh noatsecure rlimitinh };
>  
> -allow virtd_t svirt_lxc_domain:unix_stream_socket { create_stream_socket_perms connectto };
> +allow virtd_t { virt_domain svirt_lxc_domain }:unix_stream_socket { create_stream_socket_perms connectto };
>  allow virtd_t svirt_lxc_domain:process signal_perms;
>  
>  allow virtd_t virtd_lxc_t:process { signal signull sigkill };
> -- 
> 2.4.6
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

- -- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCgAGBQJV6wofAAoJENAR6kfG5xmch+oMALTxyOgvQ4OBj0kFznPdqnXD
Y3GeBTkC3IggunMOfK3QJ96FrI8rpRF/cTNkG1No3fj0kU0jYB2c8EgftAQOL/Eb
d8Ml05ZA0T0mnyzprghUFHKre3kPFWvzlPV5l6nQtwc7FKuXlgusfpIHtVoSaHMR
G/ps2ZxEGzKgbSJ0/XtWxwic/gTEdAQI5o0X6pBsdKMJZxquRChrLrTInDM8PETf
20AkaSFY5PUWzi+Nxod6Z7v6y9zFbCkjsTN3UHdVKfOB00u/WAoNi4Wm/TcCs+45
Be86+Rh/yDUFdseHLKeisOxnAX9BylsjS+i142QvAr9ZoZJ0vmXfoMTnPXKkjFrp
/TNQP0HBblU3CeCYbl6Ye++8/YK1u5Aq+szRcRs+5Ee7RBjJKW+b4yFIxoLAqciw
P7tbmYR3IhxNlHykg0x9h2AtyWKNqpo4zZX3OZAp1COnta9jJwMnbVAv4CjLAs/r
crr8rADIISYnXxysiKqG0g2t8ndA46DOPprKVdhs9A==
=38eQ
-----END PGP SIGNATURE-----


More information about the refpolicy mailing list