[Libvirt-cim] SELinux support in libvirt-cim
Sharad Mishra
snmishra at linux.vnet.ibm.com
Thu Feb 16 16:36:35 UTC 2012
Using my IMAP account to send this email. Hopefully, it will make it
this time.
-Sharad
>
> Hi,
>
> In order to add support for SELinux in libvirt-cim, I created the
> following policy -
>
>
> ***********************************************
> module mypolicy 1.0;
>
> require {
>     type pegasus_var_run_t;
>     type pegasus_t;
>     class sock_file write;
>     class unix_stream_socket connectto;
> }
>
> #============= pegasus_t ==============
> allow pegasus_t pegasus_var_run_t:sock_file write;
> allow pegasus_t self:unix_stream_socket connectto;
>
> *****************************************
>
> To create this policy -
>
> 1. Turn on SELinux in permissive mode
>
> # sestatus
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: permissive
> Mode from config file: enforcing
> Policy version: 24
> Policy from config file: targeted
>
> 2. Verified that /var/log/audit/audit.log was empty
>
> 3. Ran entire cimtest suite
>
> 4. Ran 'audit2allow -M newpolicy < /var/log/audit/audit.log'
>
> I am not familiar with SELinux. Is this the right approach? Did I miss
> anything?
>
> Regards,
> Sharad Mishra
> Open Virtualization
> Linux Technology Center
> IBM
>
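
An added example, not part of the original post and not libvirt-cim code: a small Python helper that groups the AVC denials collected during a permissive-mode test run by source type, target type and class, so each allow rule of the kind shown in the policy above can be traced back to the denials and commands behind it before a generated module is loaded. The log lines are constructed samples; `cimserver` and `example.sock` are assumed names.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the original post).
SAMPLE_LOG = '''\
type=AVC msg=audit(1329400000.101:201): avc:  denied  { write } for  pid=4242 comm="cimserver" name="example.sock" dev=dm-0 ino=1001 scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:object_r:pegasus_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1329400000.102:202): avc:  denied  { connectto } for  pid=4242 comm="cimserver" path="/var/run/example.sock" scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:system_r:pegasus_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1329400005.300:203): avc:  denied  { write } for  pid=4250 comm="cimserver" name="example.sock" dev=dm-0 ino=1001 scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:object_r:pegasus_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1329400005.300:203): arch=c000003e syscall=42 success=yes exit=0
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

def selinux_type(context):
    """Extract the type field from a user:role:type[:level] context."""
    return context.split(':')[2]

def summarize(log_text):
    """Group AVC denials into (source, target, class) -> perms, commands, count."""
    rules = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # non-AVC records (SYSCALL, etc.) are ignored
        src, tgt = selinux_type(m['s']), selinux_type(m['t'])
        # audit2allow writes the target as "self" when source and target types match
        key = (src, 'self' if src == tgt else tgt, m['cls'])
        rules[key]["perms"].update(m['perms'].split())
        rules[key]["comms"].add(m['comm'])
        rules[key]["count"] += 1
    return rules

def render(rules):
    """Render one allow rule per group, annotated with its supporting evidence."""
    out = []
    for (src, tgt, cls), info in sorted(rules.items()):
        perms = sorted(info["perms"])
        perm_s = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        comms = ','.join(sorted(info["comms"]))
        out.append(f"allow {src} {tgt}:{cls} {perm_s};  # {info['count']} denial(s), comm={comms}")
    return out

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE_LOG))))
```

A rule whose supporting denials come from a command unrelated to the test run is a sign that the audit log contained unrelated activity and the generated module grants more than the tests needed.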