Re: xen, selinux, FC5

Stephen Smalley wrote:
> 
> The assertion is to prevent accidental granting of read access to a
> raw disk device.  Is that truly required here?

Probably - the root disk of the guest O/S instance is an lvm partition,
e.g. /dev/vg01/lv_guest

> To allow it, you need to use the interface for it, e.g.
> storage_raw_read_fixed_disk(xm_t). That interface is defined in
> kernel/storage.if. In addition to allowing the permission, it adds a
> type attribute to the type that excludes it from the assertion.

So, what would that look like in the policy file?

Thanks,

R.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
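
An added example, not part of the original thread and not the Fedora policy's own code: a local policy module that calls the interface named in the quoted reply, which is one way to answer the question above. The module name `localxen` and its version are assumptions; the commented expansion paraphrases the reference policy, whose exact permission sets vary by release.

```selinux
# localxen.te -- hypothetical local module name (an assumption, not from the thread)
policy_module(localxen, 1.0.0)

gen_require(`
	type xm_t;
')

# Grant xm_t read access to raw fixed-disk devices through the interface
# instead of a hand-written allow rule.
storage_raw_read_fixed_disk(xm_t)

# What the interface call contributes (paraphrased from the reference policy;
# permission sets differ between releases):
#
#   allow xm_t fixed_disk_device_t:blk_file <read permissions>;
#   typeattribute xm_t fixed_disk_raw_read;
#
# The assertion it satisfies, in kernel/storage.te, has this shape:
#
#   neverallow ~fixed_disk_raw_read fixed_disk_device_t:{ chr_file blk_file } read;
#
# A bare "allow xm_t fixed_disk_device_t:blk_file read;" leaves xm_t outside
# the fixed_disk_raw_read attribute, so the policy compiler rejects it.
```

The grant applies to every device labelled `fixed_disk_device_t`, not only the guest's logical volume, so it is worth confirming that `xm_t` really needs raw reads before loading the module.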
