Re: [PATCH v2 1/4] Add SELinux policy for virt

On Wed, Apr 07, 2021 at 07:08:34AM -0700, Vit Mojzis wrote:
> From: Nikola Knazekova <nknazeko@xxxxxxxxxx>
> 
> SELinux policy was created for:
> 
> Hypervisor drivers:
> - virtqemud (QEMU/KVM)
> - virtlxcd (LXC)
> - virtvboxd (VirtualBox)
> 
> Secondary drivers:
> - virtstoraged (host storage mgmt)
> - virtnetworkd (virtual network mgmt)
> - virtinterface (network interface mgmt)
> - virtnodedevd (physical device mgmt)
> - virtsecretd (security credential mgmt)
> - virtnwfilterd (ip[6]tables/ebtables mgmt)
> - virtproxyd (proxy daemon)
> 
> SELinux policy for virtvxz and virtxend has not been created yet, because I wasn't able to reproduce AVC messages. These drivers run in unconfined_domain until the AVC messages are reproduced internally and policy for these drivers is made.
> 
> Signed-off-by: Nikola Knazekova <nknazeko@xxxxxxxxxx>
> ---
>  libvirt.spec.in |   64 ++

I'd suggest just removing these parts of the patch, since
we're changing it again twice in later patches.

Just add the RPM spec changes at the time you add the meson
build rules.

This patch can just be the policy file import.

>  selinux/virt.fc |  111 +++
>  selinux/virt.if | 1984 ++++++++++++++++++++++++++++++++++++++++++++
>  selinux/virt.te | 2086 +++++++++++++++++++++++++++++++++++++++++++++++

Put these into $GIT/src/security/selinux, since that's alongside
where we store the apparmor policy.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



