commit: db3ffc24bb923198f05eb16579d1455a96f7c018
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Aug 31 15:03:49 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 17:08:02 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=db3ffc24
WIP virt: image type perms
policy/modules/contrib/virt.te | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index 0adbdb1..aec85ea 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -530,9 +530,9 @@ manage_blk_files_pattern(virtd_t, virt_image_type,
virt_image_type)
manage_lnk_files_pattern(virtd_t, virt_image_type, virt_image_type)
allow virtd_t virt_image_type:file relabel_file_perms;
+allow virtd_t virt_image_type:dir { manage_dir_perms relabel_dir_perms };
allow virtd_t virt_image_type:blk_file relabel_blk_file_perms;
allow virtd_t virt_image_type:chr_file relabel_chr_file_perms;
-allow virtd_t virt_image_type:chr_file relabel_chr_file_perms;
allow virtd_t virt_ptynode:chr_file rw_term_perms;
@@ -572,7 +572,7 @@ manage_files_pattern(virtd_t, virtd_lxc_var_run_t,
virtd_lxc_var_run_t)
filetrans_pattern(virtd_t, virt_var_run_t, virtd_lxc_var_run_t, dir, "lxc")
stream_connect_pattern(virtd_t, virtd_lxc_var_run_t, virtd_lxc_var_run_t,
virtd_lxc_t)
-stream_connect_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t, virt_domain)
+stream_connect_pattern(virtd_t, { virt_image_type svirt_var_run_t },
svirt_var_run_t, virt_domain)
stream_connect_pattern(virtd_t, virt_var_run_t, virtlockd_run_t, virtlockd_t)
stream_connect_pattern(virtd_t, virt_var_run_t, virtlogd_run_t, virtlogd_t)
