[ovs-dev] [PATCH] selinux: allow dpdkvhostuserclient sockets with newer libvirt

Aaron Conole aconole at redhat.com
Tue Feb 27 14:06:38 UTC 2018


Guoshuai Li <ligs at dtdream.com> writes:

>> diff --git a/selinux/openvswitch-custom.te.in
>> b/selinux/openvswitch-custom.te.in
>> index c1a774f0e..7b9c1c7a0 100644
>> --- a/selinux/openvswitch-custom.te.in
>> +++ b/selinux/openvswitch-custom.te.in
>> @@ -14,6 +14,7 @@ require {
>>           type hugetlbfs_t;
>>           type kernel_t;
>>           type svirt_image_t;
> Is missing type svirt_t; ?
>
> The compilation failed:
> openvswitch-custom.te:53:ERROR 'unknown type svirt_t' at token ';' on
> line 1042:
> allow openvswitch_t svirt_tmpfs_t:sock_file { read write append
> getattr open };
> allow openvswitch_t svirt_t:unix_stream_socket { connectto read write
> getattr sendto recvfrom setopt };
>
> Thanks ~!

I'll send a fix ASAP.

Sorry for this!

>> +        type svirt_tmpfs_t;
>>           type vfio_device_t;
>>   @end_dpdk@
>
>> +allow openvswitch_t svirt_t:unix_stream_socket { connectto read write getattr sendto recvfrom setopt };
>>   allow openvswitch_t vfio_device_t:chr_file { read write open ioctl getattr };


More information about the dev mailing list