30 lines
511 B
Plaintext
30 lines
511 B
Plaintext
policy_module(anvil-subnode, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
# Use existing types; don't declare unless it's new.
|
|
#
|
|
require {
|
|
type mnt_t;
|
|
type virsh_t;
|
|
class file { open read };
|
|
}
|
|
|
|
|
|
#============= drbd_t ==============
|
|
# drbd rules will be provided by drbd-utils package.
|
|
|
|
|
|
#============= virsh_t ==============
|
|
# Needed for virsh to access the domain XMLs under /mnt.
|
|
allow virsh_t mnt_t:file { open read };
|