-rw-r--r--policy/modules/contrib/qemu.if20
-rw-r--r--policy/modules/contrib/qemu.te9
-rw-r--r--policy/modules/contrib/vde.te4
3 files changed, 33 insertions, 0 deletions
diff --git a/policy/modules/contrib/qemu.if b/policy/modules/contrib/qemu.if
index eaf56b8b..ea947bc4 100644
--- a/policy/modules/contrib/qemu.if
+++ b/policy/modules/contrib/qemu.if
@@ -374,3 +374,23 @@ interface(`qemu_entry_type',`
domain_entry_file($1, qemu_exec_t)
')
+
+# Gentoo specific but cannot use ifdef distro_gentoo here
+
+#######################################
+## <summary>
+## Read/write to qemu socket files in /var/run
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`qemu_rw_pid_sock_files',`
+ gen_require(`
+ type qemu_var_run_t;
+ ')
+
+ allow $1 qemu_var_run_t:sock_file rw_sock_file_perms;
+')
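Review bot: The `gen_require` at L32 names `qemu_var_run_t`, which this same commit declares in qemu.te only inside its `ifdef(`distro_gentoo')` block, so on any other distribution a caller of this interface carries an unmet require; the header comment should state that instead of just noting the restriction. Suggest expanding the one-line comment into two: `# Gentoo specific: qemu_var_run_t is only declared under ifdef distro_gentoo in qemu.te,` / `# so callers must wrap this interface in the same ifdef (it cannot be used inside .if files).` Separately, `rw_sock_file_perms` at L35 covers only the filesystem node; if qemu_t is the listening end of that socket, a connecting domain also needs connectto on qemu_t's unix_stream_socket, which this interface does not grant, so either say so in the summary or add `allow $1 qemu_t:unix_stream_socket connectto;` if that is the intended use.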
diff --git a/policy/modules/contrib/qemu.te b/policy/modules/contrib/qemu.te
index 9a6a082c..cf647bb6 100644
--- a/policy/modules/contrib/qemu.te
+++ b/policy/modules/contrib/qemu.te
@@ -62,9 +62,18 @@ ifdef(`distro_gentoo',`
#
# Local policy
#
+ type qemu_var_run_t;
+ files_pid_file(qemu_var_run_t)
+
+ # VNC/GDB support
allow qemu_t self:tcp_socket create_stream_socket_perms;
allow qemu_t self:udp_socket create_socket_perms;
+ # Network related socket
+ allow qemu_t qemu_var_run_t:sock_file manage_sock_file_perms;
+
+ files_pid_filetrans(qemu_t, qemu_var_run_t, sock_file)
+
optional_policy(`
vde_connect(qemu_t)
')
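Review bot: The `files_pid_filetrans` at L54 has no name argument, so every sock_file qemu_t creates directly in /var/run is typed qemu_var_run_t, and since the diffstat shows no qemu.fc change there is no file context to restore it to that label on relabel; that is acceptable for a transient socket but should be recorded next to the rule, e.g. `# No .fc entry: the socket only exists while qemu runs and is labelled by this filetrans`. The comment `# Network related socket` at L51 is too vague to help a maintainer; suggest `# Unix socket qemu creates in /var/run for its network backend (used by vde_t via qemu_rw_pid_sock_files)`. The type declaration at L45-L46 sits in the "Local policy" section; refpolicy convention keeps declarations in the Declarations section, though inside a distro ifdef this may be the only sensible spot. The enclosing `ifdef(`distro_gentoo',` block starts before this hunk.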
diff --git a/policy/modules/contrib/vde.te b/policy/modules/contrib/vde.te
index 3b894916..56f668d7 100644
--- a/policy/modules/contrib/vde.te
+++ b/policy/modules/contrib/vde.te
@@ -47,3 +47,7 @@ miscfiles_read_localization(vde_t)
corenet_rw_tun_tap_dev(vde_t)
logging_send_syslog_msg(vde_t)
+
+optional_policy(`
+ qemu_rw_pid_sock_files(vde_t)
+')
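Review bot: The call at L68 is unconditional, but `qemu_var_run_t` is only declared under `ifdef(`distro_gentoo')` in qemu.te, and `optional_policy` at L67 only checks that the qemu module is present, not that the type exists; on non-Gentoo builds the block is either silently disabled at link time or, for monolithic builds, fails to compile, depending on the toolchain. Wrap the optional_policy block in ifdef(`distro_gentoo', ... ') so vde.te mirrors the guard qemu.te already uses, with a short comment such as `# Gentoo only: qemu_var_run_t is declared under distro_gentoo in qemu.te`. If vde_t is the side that connects to qemu's socket rather than just opening the node, it will also need connectto on qemu_t's unix_stream_socket, which this interface does not provide; worth confirming against how vde and qemu actually exchange the socket.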