build: initial selinux policy for anvil-node

10 months ago · 54646bfb66
parent b3fbba8b49
commit 54646bfb66
2 changed files with 27 additions and 0 deletions
--- a/selinux/Makefile.am
+++ b/selinux/Makefile.am
@ -0,0 +1,20 @@
+MAINTAINERCLEANFILES    = Makefile.in
+
+SE_MAKEFILE_PATH	= /usr/share/selinux/devel/Makefile
+SE_TYPE			= targeted
+
+anvil-node.pp: anvil-node.te
+	-@echo "Target: anvil-node.pp"
+	-@if ! test -r $(SE_MAKEFILE_PATH); then \
+	  -@echo "Missing makefile from selinux devel. \
+	    Did you forget to install the selinux-policy-devel package?"
+	fi
+	make -f $(SE_MAKEFILE_PATH) $@
+
+install:
+	-@echo "Target: install"
+	install -D -m 0644 -t $(DESTDIR)/usr/share/selinux/packages/$(SE_TYPE)/ anvil-node.pp
+
+clean:
+	-@echo "Target: clean"
+	rm -f *.pp
--- a/selinux/anvil-node.te
+++ b/selinux/anvil-node.te
@ -0,0 +1,7 @@
+#============= drbd_t ==============
+allow drbd_t self:netlink_generic_socket { bind create getattr setopt };
+allow drbd_t var_lock_t:file { read lock open write };
+
+
+#============= virsh_t ==============
+allow virsh_t mnt_t:file { open read };