Add SELinux policy for Virt
Nikola Knazekova
nknazeko at redhat.com
Wed Mar 10 12:41:13 UTC 2021
Hi,
I created SELinux policy for Libvirt drivers, as part of Decentralized SELinux Policy (DSP) project.
DSP guidelines is available: https://fedoraproject.org/wiki/SELinux/IndependentPolicy
Discussion about the first version of SELinux policy for Libvirt is available on gitlab:
https://gitlab.com/libvirt/libvirt/-/merge_requests/65
SELinux policy was created for:
Hypervisor drivers:
- virtqemud (QEMU/KVM)
- virtlxcd (LXC)
- virtvboxd (VirtualBox)
Secondary drivers:
- virtstoraged (host storage mgmt)
- virtnetworkd (virtual network mgmt)
- virtinterface (network interface mgmt)
- virtnodedevd (physical device mgmt)
- virtsecretd (security credential mgmt)
- virtnwfilterd (ip[6]tables/ebtables mgmt)
- virtproxyd (proxy daemon)
SELinux policy for virtvxz and virtxend has not been created yet, because I wasn't able to reproduce AVC messages.
These drivers run in unconfined_domain until the AVC messages are reproduced internally and policy for these drivers is made.
Can you please look at it?
Thanks
Nikola
More information about the libvir-list
mailing list