Allow virt_domains to exec qumu_exec_t, add boolean to allow svirt_t to connect to x
This commit is contained in:
Dan Walsh
parent
dfe675b8f7
commit
a75a591e52
@ -155,6 +155,24 @@ interface(`qemu_domtrans',`
|
||||
domtrans_pattern($1, qemu_exec_t, qemu_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute a qemu in the callers domain
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`qemu_exec',`
|
||||
gen_require(`
|
||||
type qemu_exec_t;
|
||||
')
|
||||
|
||||
can_exec($1, qemu_exec_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute qemu in the qemu domain.
|
||||
|
||||
@ -41,6 +41,13 @@ gen_tunable(virt_use_samba, false)
|
||||
## </desc>
|
||||
gen_tunable(virt_use_sysfs, false)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow virtual machine to interact with the xserver
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(virt_use_xserver, false)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow virt to use usb devices
|
||||
@ -177,6 +184,12 @@ tunable_policy(`virt_use_usb',`
|
||||
fs_manage_dos_files(svirt_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
tunable_policy(`virt_use_xserver',`
|
||||
xserver_stream_connect(svirt_t)
|
||||
')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
xen_rw_image_files(svirt_t)
|
||||
')
|
||||
@ -426,6 +439,7 @@ optional_policy(`
|
||||
qemu_kill(virtd_t)
|
||||
qemu_setsched(virtd_t)
|
||||
qemu_entry_type(virt_domain)
|
||||
qemu_exec(virt_domain)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
||||
Loading…
Reference in New Issue
Block a user