commit: c5a0ff1ec0997bf6887ccdf1620c7630d49675ed
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Apr 12 11:38:06 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 22 11:53:59 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c5a0ff1e
virt: Add netlink socket and filetrans
policy/modules/contrib/virt.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index dd4ae9b5..73d53004 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -475,6 +475,7 @@ allow virtd_t self:tcp_socket { accept listen };
allow virtd_t self:tun_socket { create_socket_perms relabelfrom relabelto };
allow virtd_t self:rawip_socket create_socket_perms;
allow virtd_t self:packet_socket create_socket_perms;
+allow virtd_t self:netlink_generic_socket create_socket_perms;
allow virtd_t self:netlink_kobject_uevent_socket create_socket_perms;
allow virtd_t self:netlink_route_socket nlmsg_write;
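Review bot: The added `netlink_generic_socket` rule has no comment, and the commit message does not name the denial or the libvirt feature that needs it, so a later audit cannot tell whether the grant is still required. This rule does not distinguish between the kernel families that share the generic netlink class, which makes the rationale worth recording beside it, e.g. `# generic netlink, needed for <feature from the AVC denial>`. If `create_socket_perms` is broader than the observed denial (its expansion is not visible in this hunk), listing only the denied permissions would keep virtd_t closer to least privilege.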
@@ -493,6 +494,7 @@ domtrans_pattern(virtd_t, virtd_lxc_exec_t, virtd_lxc_t)
manage_dirs_pattern(virtd_t, virt_cache_t, virt_cache_t)
manage_files_pattern(virtd_t, virt_cache_t, virt_cache_t)
+files_var_filetrans(virtd_t, virt_cache_t, { file dir })
manage_dirs_pattern(virtd_t, virt_content_t, virt_content_t)
manage_files_pattern(virtd_t, virt_content_t, virt_content_t)
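Review bot: The new `files_var_filetrans(virtd_t, virt_cache_t, { file dir })` is an unnamed transition, so any file or directory virtd_t creates in a directory carrying the generic var type would be labelled virt_cache_t, not only the cache path. Objects that belong under another type could then be mislabelled and become reachable by every domain allowed on virt_cache_t. If the aim is only the libvirt cache directory (the file contexts are not visible in this hunk), the interface's optional name argument would scope it: `files_var_filetrans(virtd_t, virt_cache_t, dir, "<cache directory name>")`. A one-line comment naming the path this transition is meant for would also help reviewers.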