[ovs-dev] [PATCH] selinux: allow dpdkvhostuserclient sockets with newer libvirt
Guoshuai Li
ligs at dtdream.com
Tue Feb 27 04:41:45 UTC 2018
> diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
> index c1a774f0e..7b9c1c7a0 100644
> --- a/selinux/openvswitch-custom.te.in
> +++ b/selinux/openvswitch-custom.te.in
> @@ -14,6 +14,7 @@ require {
> type hugetlbfs_t;
> type kernel_t;
> type svirt_image_t;
Is missing type svirt_t; ?
The compilation failed:
openvswitch-custom.te:53:ERROR 'unknown type svirt_t' at token ';' on
line 1042:
allow openvswitch_t svirt_tmpfs_t:sock_file { read write append getattr
open };
allow openvswitch_t svirt_t:unix_stream_socket { connectto read write
getattr sendto recvfrom setopt };
Thanks ~!
> + type svirt_tmpfs_t;
> type vfio_device_t;
> @end_dpdk@
> +allow openvswitch_t svirt_t:unix_stream_socket { connectto read write getattr sendto recvfrom setopt };
> allow openvswitch_t vfio_device_t:chr_file { read write open ioctl getattr };
More information about the dev
mailing list