seasharp
/
anvil
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(selinux): add temporary patch until QEMU fixes policy for 9.4

Browse Source
main
Tsu-ba-me 6 months ago committed by Madison Kelly
parent 420445d875
commit 80ef5232e8
1 changed files with 9 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      selinux/anvil-subnode.te.in

11
selinux/anvil-subnode.te.in
Unescape View File

@ -1,4 +1,4 @@
policy_module(anvil-subnode, 1.0.0) policy_module(anvil-subnode, 1.1.0)
######################################## ########################################
# #
@ -15,8 +15,10 @@ policy_module(anvil-subnode, 1.0.0)
# #
require { require {
type mnt_t; type mnt_t;
type sysctl_vm_t;
type svirt_t;
type virsh_t; type virsh_t;
class file { open read }; class file { getattr open read };
} }
@ -27,3 +29,8 @@ require {
#============= virsh_t ============== #============= virsh_t ==============
# Needed for virsh to access the domain XMLs under /mnt. # Needed for virsh to access the domain XMLs under /mnt.
allow virsh_t mnt_t:file { open read }; allow virsh_t mnt_t:file { open read };
#============= svirt_t ==============
# Workaround until QEMU fixes its policy for RHEL/Almalinux >= 9.4
allow svirt_t sysctl_vm_t:file { getattr open read };

Write Preview
Loading…
Cancel
Save