allow $1 tun_tap_device_t:chr_file rw_chr_file_perms;
')
+########################################
+## <summary>
+## Read and write inherited TUN/TAP virtual network device.
+## </summary>
+## <param name="domain">
+## <summary>
+## The domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_rw_inherited_tun_tap_dev',`
+ gen_require(`
+ type tun_tap_device_t;
+ ')
+
+ allow $1 tun_tap_device_t:chr_file rw_inherited_chr_file_perms;
+')
+
########################################
## <summary>
## Do not audit attempts to read or write the TUN/TAP
rw_chr_files_pattern($1, device_t, vhost_device_t)
')
+########################################
+## <summary>
+## Allow read/write inheretid the vhost net device
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dev_rw_inherited_vhost',`
+ gen_require(`
+ type device_t, vhost_device_t;
+ ')
+
+ allow $1 vhost_device_t:chr_file rw_inherited_chr_file_perms;
+')
+
########################################
## <summary>
## Read and write VMWare devices.
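Review bot: `dev_rw_inherited_vhost` lists `device_t` in its `gen_require`, but its only rule, `allow $1 vhost_device_t:chr_file rw_inherited_chr_file_perms;`, never references that type, so the require line can be narrowed to `type vhost_device_t;`. The summary line contains a typo ("inheretid") and reads awkwardly; `## Read and write an inherited vhost net device.` would match the wording used for `corenet_rw_inherited_tun_tap_dev` in the same patch. If `rw_inherited_chr_file_perms` leaves out `open`, as the name suggests (the macro definition is not visible here), it would help to say so in the summary, so callers know the domain can only use a descriptor handed to it by its parent and cannot open the device node itself.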
corenet_tcp_sendrecv_all_ports(virt_domain)
corenet_tcp_bind_generic_node(virt_domain)
corenet_tcp_bind_vnc_port(virt_domain)
-corenet_rw_tun_tap_dev(virt_domain)
corenet_tcp_bind_virt_migration_port(virt_domain)
corenet_tcp_connect_virt_migration_port(virt_domain)
+corenet_rw_inherited_tun_tap_dev(virt_domain)
dev_read_generic_symlinks(virt_domain)
dev_read_rand(virt_domain)
dev_rw_ksm(virt_domain)
dev_rw_kvm(virt_domain)
dev_rw_qemu(virt_domain)
-dev_rw_vhost(virt_domain)
+dev_rw_inherited_vhost(virt_domain)
domain_use_interactive_fds(virt_domain)