
On 02/16/2012 02:36 PM, Sharad Mishra wrote:
Hi,
In order to add support for selinux in libvirt-cim, I created the following policy -
***********************************************
module mypolicy 1.0;

require {
    type pegasus_var_run_t;
    type pegasus_t;
    class sock_file write;
    class unix_stream_socket connectto;
}

#============= pegasus_t ==============
allow pegasus_t pegasus_var_run_t:sock_file write;
allow pegasus_t self:unix_stream_socket connectto;
*****************************************
To create this policy -
1. Turn on selinux in permissive mode
# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
2. Verified that /var/log/audit/audit.log was empty
3. Ran entire cimtest suite
4. Ran 'audit2allow -M newpolicy < /var/log/audit/audit.log'
I am not familiar with selinux. Is this the right approach? Did I miss anything?

Hi Sharad,

SELinux is indeed something I don't know even how to get it wrong. Sorry.
Maybe others can help.

Best regards,
Eduardo

-- 
Eduardo de Barros Lima
Software Engineer, Open Virtualization
Linux Technology Center - IBM/Brazil
eblima@br.ibm.com
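
Added example, not part of the original thread and not audit2allow's own code: Python that derives allow rules from AVC denials the way step 4 of the quoted procedure does for plain type-to-type denials, so each rule can be traced back to the denials behind it before a module is loaded. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records shaped like /var/log/audit/audit.log lines.
SAMPLE_LOG = """\
type=AVC msg=audit(1329424561.101:210): avc:  denied  { write } for  pid=2101 comm="cimserver" name="example.socket" dev=dm-0 ino=1234 scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:object_r:pegasus_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1329424561.102:211): avc:  denied  { connectto } for  pid=2101 comm="cimserver" path="/var/run/example.socket" scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:system_r:pegasus_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1329424561.102:211): arch=c000003e syscall=42 success=yes exit=0
type=AVC msg=audit(1329424570.300:215): avc:  denied  { write } for  pid=2101 comm="cimserver" name="example.socket" dev=dm-0 ino=1234 scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:object_r:pegasus_var_run_t:s0 tclass=sock_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Group AVC denials by (source type, target type, class) -> permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL, PATH and other record types carry no denial
        m = AVC_RE.search(line)
        if not m:
            continue  # e.g. "granted" records or truncated lines
        src, tgt = ctx_type(m["s"]), ctx_type(m["t"])
        if tgt == src:
            tgt = "self"  # same-type access is written as "self"
        rules[(src, tgt, m["cls"])].update(m["perms"].split())
    return rules

def render(rules):
    """Render grouped denials as policy allow statements, sorted for review."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_s = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {perm_s};")
    return out

if __name__ == "__main__":
    print("\n".join(render(denials_to_rules(SAMPLE_LOG))))
```

Repeated denials collapse into one rule, so the generated policy only covers code paths that were actually exercised while the log was being collected.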