48 lines
1.6 KiB
Diff
48 lines
1.6 KiB
Diff
From b5276c6f67c17ab5636f787c5a2177f77594fa2b Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
|
Date: Sat, 13 Jul 2024 13:37:29 +0400
|
|
Subject: [PATCH] selinux
|
|
|
|
---
|
|
src/selinux/swtpm.te | 1 +
|
|
src/selinux/swtpm_svirt.te | 4 ++++
|
|
2 files changed, 5 insertions(+)
|
|
|
|
diff --git a/src/selinux/swtpm.te b/src/selinux/swtpm.te
|
|
index 2327721..f1c6867 100644
|
|
--- a/src/selinux/swtpm.te
|
|
+++ b/src/selinux/swtpm.te
|
|
@@ -34,6 +34,7 @@ allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write };
|
|
allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr };
|
|
allow swtpm_t virtqemud_tmp_t:file { open write };
|
|
|
|
+virt_read_log(swtpm_t)
|
|
|
|
domain_use_interactive_fds(swtpm_t)
|
|
|
|
diff --git a/src/selinux/swtpm_svirt.te b/src/selinux/swtpm_svirt.te
|
|
index f7b886c..424efa7 100644
|
|
--- a/src/selinux/swtpm_svirt.te
|
|
+++ b/src/selinux/swtpm_svirt.te
|
|
@@ -13,6 +13,7 @@ require {
|
|
type user_tmp_t;
|
|
type virtd_t;
|
|
type virtqemud_t;
|
|
+ type virt_var_run_t;
|
|
}
|
|
|
|
swtpm_domtrans(svirt_t)
|
|
@@ -27,6 +28,9 @@ allow svirt_t user_tmp_t:sock_file { create setattr unlink };
|
|
allow svirt_t virtd_t:dir search;
|
|
allow svirt_t virtd_t:fifo_file write;
|
|
allow svirt_t virtqemud_t:fifo_file write;
|
|
+allow svirt_t virt_var_run_t:dir { write add_name remove_name };
|
|
+allow svirt_t virt_var_run_t:file { create write setattr unlink };
|
|
+allow svirt_t virt_var_run_t:sock_file { create write setattr unlink };
|
|
|
|
# For virt-install (see https://bugzilla.redhat.com/show_bug.cgi?id=2283878 )
|
|
allow svirt_tcg_t user_tmp_t:sock_file { create setattr unlink };
|
|
--
|
|
2.47.0
|
|
|