[ovs-dev] [PATCH] selinux: allow dpdkvhostuserclient sockets with newer libvirt
Aaron Conole
aconole at redhat.com
Tue Feb 27 14:06:38 UTC 2018
Guoshuai Li <ligs at dtdream.com> writes:
>> diff --git a/selinux/openvswitch-custom.te.in
>> b/selinux/openvswitch-custom.te.in
>> index c1a774f0e..7b9c1c7a0 100644
>> --- a/selinux/openvswitch-custom.te.in
>> +++ b/selinux/openvswitch-custom.te.in
>> @@ -14,6 +14,7 @@ require {
>> type hugetlbfs_t;
>> type kernel_t;
>> type svirt_image_t;
> Is missing type svirt_t; ?
>
> The compilation failed:
> openvswitch-custom.te:53:ERROR 'unknown type svirt_t' at token ';' on
> line 1042:
> allow openvswitch_t svirt_tmpfs_t:sock_file { read write append
> getattr open };
> allow openvswitch_t svirt_t:unix_stream_socket { connectto read write
> getattr sendto recvfrom setopt };
>
> Thanks ~!
I'll send a fix ASAP.
Sorry for this!
>> + type svirt_tmpfs_t;
>> type vfio_device_t;
>> @end_dpdk@
>
>> +allow openvswitch_t svirt_t:unix_stream_socket { connectto read write getattr sendto recvfrom setopt };
>> allow openvswitch_t vfio_device_t:chr_file { read write open ioctl getattr };
More information about the dev
mailing list