From e5d7b8c361c349c38099f273b7124b5927847f8d Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Tue, 12 Jul 2011 15:15:39 -0400
Subject: [PATCH] Allow virtd_t to use ptys created by svirt domains, this is needed in order to do virsh console connect
---
 policy/modules/services/virt.if | 3 ++-
 policy/modules/services/virt.te | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
index 5c0a7a4d..411edf39 100644
--- a/policy/modules/services/virt.if
+++ b/policy/modules/services/virt.if
@@ -15,6 +15,7 @@ template(`virt_domain_template',`
 gen_require(`
 attribute virt_image_type, virt_domain;
 attribute virt_tmpfs_type;
+ attribute virt_ptynode;
 ')
 type $1_t, virt_domain;
@@ -24,7 +25,7 @@ template(`virt_domain_template',`
 mcs_untrusted_proc($1_t)
 role system_r types $1_t;
- type $1_devpts_t;
+ type $1_devpts_t, virt_ptynode;
 term_pty($1_devpts_t)
 type $1_tmp_t;
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index 4dec4ad2..a8367793 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -6,6 +6,7 @@ policy_module(virt, 1.4.0)
 # attribute virsh_transition_domain;
+attribute virt_ptynode;
 ## ##
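Review bot: The new `virt_ptynode` attribute is declared in virt.te and attached to every `$1_devpts_t` in the second virt.if hunk (`type $1_devpts_t, virt_ptynode;`) with no comment saying what it groups or which domains are meant to be granted access through it. Any rule later written against the attribute reaches the pty of every domain instantiated from `virt_domain_template`, so the intended scope should be recorded where the attribute is declared, for example `# ptys created by svirt domains; virtd_t attaches to them for virsh console`. The template body starts and ends outside both virt.if hunks, so whether other pty types in this module should also carry the attribute cannot be judged from here.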

@@ -253,6 +254,7 @@ manage_blk_files_pattern(virtd_t, virt_image_type, virt_image_type)
 manage_lnk_files_pattern(virtd_t, virt_image_type, virt_image_type)
 allow virtd_t virt_image_type:file relabel_file_perms;
 allow virtd_t virt_image_type:blk_file relabel_blk_file_perms;
+allow virtd_t virt_ptynode:chr_file rw_term_perms;
 manage_dirs_pattern(virtd_t, virt_tmp_t, virt_tmp_t)
 manage_files_pattern(virtd_t, virt_tmp_t, virt_tmp_t)
-- 
2.47.2
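Review bot: The added `allow virtd_t virt_ptynode:chr_file rw_term_perms;` sits in the middle of the `virt_image_type` image-management rules and has no comment, so the reason libvirtd may read and write guest consoles is recorded only in the commit message. I would prefix it with `# virsh console: attach to ptys created by svirt domains`, and group it with virtd_t's other terminal rules if the file has such a section (not visible in this hunk). The grant is type-enforcement only and covers the pty of every svirt domain at once; per-guest separation on those ptys then depends on the MCS constraints and on whatever MCS privileges virtd_t already holds, which is worth confirming against the rest of virt.te. The permission set is limited to `rw_term_perms`, which looks appropriate for console attach and should not be widened to setattr or relabel without a separate justification.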