* [gentoo-commits] proj/hardened-refpolicy:master commit in: config/appconfig-mls/, config/appconfig-mcs/, config/appconfig-standard/, /
@ 2016-03-11 17:20 Jason Zaman
From: Jason Zaman @ 2016-03-11 17:20 UTC
To: gentoo-commits
commit: 32348d254dbfba60ae8671f958bc302281cce8c6
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Fri Feb 19 15:43:10 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Mar 11 17:15:38 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=32348d25
Add lxc_contexts config file
selinux_lxc_contexts_path() function in upstream libselinux points to
this config file. It is ATM used by libvirt.
The file from Fedora also contains sandbox_lxc_process and
sandbox_kvm_process parameters, but I cannot find where they are used,
keep them out of the file for the time being.
Makefile | 2 +-
config/appconfig-mcs/lxc_contexts | 3 +++
config/appconfig-mls/lxc_contexts | 3 +++
config/appconfig-standard/lxc_contexts | 3 +++
4 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1bc69a1..76edb27 100644
--- a/Makefile
+++ b/Makefile
@@ -252,7 +252,7 @@ seusers := $(appconf)/seusers
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
-appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
+appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types lxc_contexts virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
net_contexts := $(builddir)net_contexts
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
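Review bot: the new `lxc_contexts` entry on the `+appfiles` line is installed unconditionally for every TYPE, while the files it installs name svirt_lxc_net_t, virt_var_lib_t and svirt_lxc_file_t. Please confirm those types are defined in every build configuration that installs appfiles. If the policy can be built without them, the installed file would hand consumers of selinux_lxc_contexts_path() contexts the loaded policy does not know. If that can happen, either make the entry conditional or note the dependency in the commit message.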
diff --git a/config/appconfig-mcs/lxc_contexts b/config/appconfig-mcs/lxc_contexts
new file mode 100644
index 0000000..bf3fcc1
--- /dev/null
+++ b/config/appconfig-mcs/lxc_contexts
@@ -0,0 +1,3 @@
+process = "system_u:system_r:svirt_lxc_net_t:s0"
+content = "system_u:object_r:virt_var_lib_t:s0"
+file = "system_u:object_r:svirt_lxc_file_t:s0"
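Review bot: the decision to leave out sandbox_lxc_process and sandbox_kvm_process is recorded only in the commit message, and nothing in or beside this three-key file says the omission is deliberate. A consumer that looks up either key will find nothing. Please record the omission somewhere a later editor of config/appconfig-*/lxc_contexts will see it, so the file is not "fixed" by copying the Fedora version wholesale or assumed to be complete.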
diff --git a/config/appconfig-mls/lxc_contexts b/config/appconfig-mls/lxc_contexts
new file mode 100644
index 0000000..bf3fcc1
--- /dev/null
+++ b/config/appconfig-mls/lxc_contexts
@@ -0,0 +1,3 @@
+process = "system_u:system_r:svirt_lxc_net_t:s0"
+content = "system_u:object_r:virt_var_lib_t:s0"
+file = "system_u:object_r:svirt_lxc_file_t:s0"
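Review bot: this file is the same blob (bf3fcc1) as the appconfig-mcs copy, so all three contexts carry a bare `s0` in the MLS build as well. Under MLS that field is a sensitivity level, not just "no categories", so please confirm that s0 is the intended default level for the container process, content and file contexts in an MLS policy. A line in the commit message stating that the MLS values were checked rather than copied would help.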
diff --git a/config/appconfig-standard/lxc_contexts b/config/appconfig-standard/lxc_contexts
new file mode 100644
index 0000000..b386c6a
--- /dev/null
+++ b/config/appconfig-standard/lxc_contexts
@@ -0,0 +1,3 @@
+process = "system_u:system_r:svirt_lxc_net_t"
+content = "system_u:object_r:virt_var_lib_t"
+file = "system_u:object_r:svirt_lxc_file_t"