Using my imap account to send this email. Hopefully, it will make it
this time.
-Sharad
Hi,
In order to add support for selinux in libvirt-cim, I created the
following policy -
***********************************************
module mypolicy 1.0;

require {
        type pegasus_var_run_t;
        type pegasus_t;
        class sock_file write;
        class unix_stream_socket connectto;
}

#============= pegasus_t ==============
allow pegasus_t pegasus_var_run_t:sock_file write;
allow pegasus_t self:unix_stream_socket connectto;
*****************************************
To create this policy -
1. Turn on selinux in permissive mode
   # sestatus
   SELinux status:                 enabled
   SELinuxfs mount:                /selinux
   Current mode:                   permissive
   Mode from config file:          enforcing
   Policy version:                 24
   Policy from config file:        targeted
2. Verified that /var/log/audit/audit.log was empty
3. Ran entire cimtest suite
4. Ran 'audit2allow -M newpolicy < /var/log/audit/audit.log'
I am not familiar with selinux. Is this the right approach? Did I miss
anything?
Regards,
Sharad Mishra
Open Virtualization
Linux Technology Center
IBM
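
As an added illustration (not part of the original message and not audit2allow's own code), the following shows how AVC denial records of the kind collected in step 4 group into allow rules like the two in the policy above. The log lines are constructed samples, and the function names and the comm/name/path values are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records (not taken from the poster's audit.log);
# the comm, name and path values are made up for illustration.
SAMPLE_LOG = """\
type=AVC msg=audit(1270000000.001:101): avc:  denied  { write } for  pid=2101 comm="cimserver" name="example.socket" scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:object_r:pegasus_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1270000000.002:102): avc:  denied  { connectto } for  pid=2101 comm="cimserver" path="/var/run/example.socket" scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:system_r:pegasus_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1270000000.003:103): avc:  denied  { write } for  pid=2101 comm="cimserver" name="example.socket" scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:object_r:pegasus_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1270000000.003:103): arch=c000003e syscall=42 success=yes exit=0 comm="cimserver"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not line.startswith("type=AVC") or m is None:
            continue  # skip SYSCALL and other non-AVC records
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())  # repeated denials collapse
    return rules

def to_allow_rules(rules):
    """Render grouped denials as type-enforcement allow statements."""
    out = []
    for (src, tgt, tclass), perms in sorted(rules.items()):
        target = "self" if src == tgt else tgt  # same-type access is written as 'self'
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        out.append(f"allow {src} {target}:{tclass} {text};")
    return out

if __name__ == "__main__":
    print("\n".join(to_allow_rules(summarize_denials(SAMPLE_LOG))))
```

Reading the denials grouped this way before installing a generated module lets each allow rule be checked against what the daemon actually needs.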