Local modifications to ClusterLabs/Anvil by Alteeve
# Module name and version for the anvil-subnode local policy.
policy_module(anvil-subnode, 1.1.0)
########################################
#
# Declarations
#
########################################
#
# Local policy
#
# Use existing types; don't declare unless it's new.
#
# External types and file permissions referenced by the rules in this module.
# They are defined by other policy modules; loading this module fails if any
# of them is absent from the installed policy.
require {
type mnt_t;
type sysctl_vm_t;
type svirt_t;
type virsh_t;
class file { getattr open read };
}
#============= drbd_t ==============
# drbd rules will be provided by drbd-utils package.
#============= virsh_t ==============
# Needed for virsh to access the domain XMLs under /mnt.
# NOTE(review): the grant is keyed on the mnt_t label, not on a path, so
# virsh_t may open and read every file labeled mnt_t, not only the domain
# XMLs. Labeling the XML directory with a dedicated file type would scope
# this rule to the intended files. Read-only: no write or create is granted.
allow virsh_t mnt_t:file { open read };
#============= svirt_t ==============
# Workaround until QEMU fixes its policy for RHEL/AlmaLinux >= 9.4
# NOTE(review): read-only grant (getattr/open/read) for the svirt_t domain on
# files labeled sysctl_vm_t; no write permission is given. Drop this rule once
# the distribution policy carries the fix, so the module does not keep a
# grant that is no longer needed.
allow svirt_t sysctl_vm_t:file { getattr open read };