[ovs-dev] selinux: include the svirt_t type

Message ID	20180227142152.12656-1-aconole@redhat.com
State	Accepted
Headers	show Return-Path: <ovs-dev-bounces@openvswitch.org> From: Aaron Conole <aconole@redhat.com> To: dev@openvswitch.org Date: Tue, 27 Feb 2018 09:21:52 -0500 Message-Id: <20180227142152.12656-1-aconole@redhat.com> Cc: Ansis Atteka <aatteka@ovn.org> Subject: [ovs-dev] [PATCH] selinux: include the svirt_t type Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org
Series	[ovs-dev] selinux: include the svirt_t type \| expand [ovs-dev] selinux: include the svirt_t type

Message ID

20180227142152.12656-1-aconole@redhat.com

State

Accepted

Headers

From: Aaron Conole <aconole@redhat.com>
To: dev@openvswitch.org
Date: Tue, 27 Feb 2018 09:21:52 -0500
Message-Id: <20180227142152.12656-1-aconole@redhat.com>
Cc: Ansis Atteka <aatteka@ovn.org>
Subject: [ovs-dev] [PATCH] selinux: include the svirt_t type
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

Series

[ovs-dev] selinux: include the svirt_t type | expand

Commit Message

Aaron Conole Feb. 27, 2018, 2:21 p.m. UTC

The dpdk policy adds support for interacting with libvirt, but failed
to include the appropriate svirt_t type.  This results in an error
like:

    openvswitch-custom.te:53:ERROR 'unknown type svirt_t' at token ';' on line 1060:

Reported-by: Guoshuai Li <ligs@dtdream.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
---
NOTE: Apologies.  I was working on a domain transition script and
      completely forgot to re-run the testing with dpdk enabled.

 selinux/openvswitch-custom.te.in | 1 +
 1 file changed, 1 insertion(+)

Comments

Ansis Feb. 27, 2018, 6:18 p.m. UTC | #1

On 27 February 2018 at 06:21, Aaron Conole <aconole@redhat.com> wrote:
> The dpdk policy adds support for interacting with libvirt, but failed
> to include the appropriate svirt_t type.  This results in an error
> like:
>
>     openvswitch-custom.te:53:ERROR 'unknown type svirt_t' at token ';' on line 1060:
>
> Reported-by: Guoshuai Li <ligs@dtdream.com>
> Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>

Thanks, pushed to the master branch.
> ---
> NOTE: Apologies.  I was working on a domain transition script and
>       completely forgot to re-run the testing with dpdk enabled.
>
>  selinux/openvswitch-custom.te.in | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
> index 7b9c1c7a0..db3cf6d8d 100644
> --- a/selinux/openvswitch-custom.te.in
> +++ b/selinux/openvswitch-custom.te.in
> @@ -13,6 +13,7 @@ require {
>  @begin_dpdk@
>          type hugetlbfs_t;
>          type kernel_t;
> +        type svirt_t;
>          type svirt_image_t;
>          type svirt_tmpfs_t;
>          type vfio_device_t;
> --
> 2.14.3
>

diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index 7b9c1c7a0..db3cf6d8d 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -13,6 +13,7 @@  require {
 @begin_dpdk@
         type hugetlbfs_t;
         type kernel_t;
+        type svirt_t;
         type svirt_image_t;
         type svirt_tmpfs_t;
         type vfio_device_t;

[ovs-dev] selinux: include the svirt_t type

Commit Message

Comments

Patch