[ovs-dev] [PATCH] selinux: include the svirt_t type

Tue Feb 27 14:21:52 UTC 2018

The dpdk policy adds support for interacting with libvirt, but failed
to include the appropriate svirt_t type.  This results in an error
like:

    openvswitch-custom.te:53:ERROR 'unknown type svirt_t' at token ';' on line 1060:

Reported-by: Guoshuai Li <ligs at dtdream.com>
Signed-off-by: Aaron Conole <aconole at redhat.com>
---
NOTE: Apologies.  I was working on a domain transition script and
      completely forgot to re-run the testing with dpdk enabled.

 selinux/openvswitch-custom.te.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
index 7b9c1c7a0..db3cf6d8d 100644
--- a/selinux/openvswitch-custom.te.in
+++ b/selinux/openvswitch-custom.te.in
@@ -13,6 +13,7 @@ require {
 @begin_dpdk@
         type hugetlbfs_t;
         type kernel_t;
+        type svirt_t;
         type svirt_image_t;
         type svirt_tmpfs_t;
         type vfio_device_t;
-- 
2.14.3

