
Using my imap account to send this email. Hopefully, it will make it this time. -Sharad
Hi,
In order to add support for selinux in libvirt-cim, I created the following policy -
***********************************************
module mypolicy 1.0;

require {
        type pegasus_var_run_t;
        type pegasus_t;
        class sock_file write;
        class unix_stream_socket connectto;
}

#============= pegasus_t ==============
allow pegasus_t pegasus_var_run_t:sock_file write;
allow pegasus_t self:unix_stream_socket connectto;
*****************************************
To create this policy -
1. Turn on selinux in permissive mode
# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
2. Verified that /var/log/audit/audit.log was empty
3. Ran entire cimtest suite
4. Ran 'audit2allow -M newpolicy < /var/log/audit/audit.log'
I am not familiar with selinux. Is this the right approach? Did I miss anything?
Regards,
Sharad Mishra
Open Virtualization
Linux Technology Center
IBM
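
Added example, not part of the original message and not audit2allow's own code: a simplified version of the denial-to-rule step in the procedure above, so each generated allow rule can be traced back to the AVC records behind it and restricted to one source domain before a module is built. The log lines are constructed samples, and the names `SAMPLE_LOG`, `selinux_type` and `denials_to_rules` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the post).
SAMPLE_LOG = """\
type=AVC msg=audit(1300000000.101:41): avc:  denied  { write } for  pid=2101 comm="cimserver" name="sample.sock" dev=dm-0 ino=1201 scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:object_r:pegasus_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1300000000.102:42): avc:  denied  { connectto } for  pid=2101 comm="cimserver" path="/constructed/sample.sock" scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:system_r:pegasus_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1300000000.102:42): arch=c000003e syscall=42 success=yes exit=0
type=AVC msg=audit(1300000000.250:57): avc:  denied  { read } for  pid=2307 comm="other" name="x" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1300000000.300:58): avc:  denied  { write } for  pid=2101 comm="cimserver" name="sample.sock" dev=dm-0 ino=1201 scontext=system_u:system_r:pegasus_t:s0 tcontext=system_u:object_r:pegasus_var_run_t:s0 tclass=sock_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def denials_to_rules(log_text, source_type=None):
    """Collapse AVC denials into allow rules, optionally for one source domain."""
    perms_by_key = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not line.startswith("type=AVC") or m is None:
            continue  # skip SYSCALL and other record types
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        if source_type and src != source_type:
            continue  # denial belongs to another domain; review it separately
        tgt = "self" if tgt == src else tgt  # same type on both sides
        perms_by_key[(src, tgt, m["tclass"])].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(perms_by_key.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG, source_type="pegasus_t"):
        print(rule)
```

Run without `source_type`, the same sample also yields a rule for `initrc_t`, which is the kind of unrelated denial that ends up in a module when the whole audit log is fed in unfiltered.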