selinux-refpolicy.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [refpolicy] [PATCH] vhost: Add /dev/vhost-scsi device of type vhost_device_t.
@ 2018-07-13 17:05 Jagannathan Raman
  2018-07-15 20:57 ` Chris PeBenito
  0 siblings, 1 reply; 2+ messages in thread
From: Jagannathan Raman @ 2018-07-13 17:05 UTC (permalink / raw)
  To: refpolicy

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
---
 policy/modules/kernel/devices.fc | 1 +
 policy/modules/kernel/devices.if | 2 +-
 policy/modules/kernel/devices.te | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index e206720..5ec14ac 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -120,6 +120,7 @@ ifdef(`distro_suse', `
 ')
 /dev/vfio/.+		-c      gen_context(system_u:object_r:vfio_device_t,s0)
 /dev/vhost-net		-c	gen_context(system_u:object_r:vhost_device_t,s0)
+/dev/vhost-scsi		-c	gen_context(system_u:object_r:vhost_device_t,s0)
 /dev/vbi.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
 /dev/vbox.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
 /dev/vga_arbiter	-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 6bbea59..65bfcb6 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4839,7 +4839,7 @@ interface(`dev_relabelfrom_vfio_dev',`
 
 ############################
 ## <summary>
-##	Allow read/write the vhost net device
+##	Allow read/write the vhost devices
 ## </summary>
 ## <param name="domain">
 ##	<summary>
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 4ce5fec..79b9c8d 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -286,7 +286,8 @@ type v4l_device_t;
 dev_node(v4l_device_t)
 
 #
-# vhost_device_t is the type for /dev/vhost-net
+# vhost_device_t is the type for vhost devices like
+# /dev/vhost-net and /dev/vhost-scsi
 #
 type vhost_device_t;
 dev_node(vhost_device_t)
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [refpolicy] [PATCH] vhost: Add /dev/vhost-scsi device of type vhost_device_t.
  2018-07-13 17:05 [refpolicy] [PATCH] vhost: Add /dev/vhost-scsi device of type vhost_device_t Jagannathan Raman
@ 2018-07-15 20:57 ` Chris PeBenito
  0 siblings, 0 replies; 2+ messages in thread
From: Chris PeBenito @ 2018-07-15 20:57 UTC (permalink / raw)
  To: refpolicy

On 07/13/2018 01:05 PM, Jagannathan Raman wrote:
> Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
> ---
>   policy/modules/kernel/devices.fc | 1 +
>   policy/modules/kernel/devices.if | 2 +-
>   policy/modules/kernel/devices.te | 3 ++-
>   3 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
> index e206720..5ec14ac 100644
> --- a/policy/modules/kernel/devices.fc
> +++ b/policy/modules/kernel/devices.fc
> @@ -120,6 +120,7 @@ ifdef(`distro_suse', `
>   ')
>   /dev/vfio/.+		-c      gen_context(system_u:object_r:vfio_device_t,s0)
>   /dev/vhost-net		-c	gen_context(system_u:object_r:vhost_device_t,s0)
> +/dev/vhost-scsi		-c	gen_context(system_u:object_r:vhost_device_t,s0)
>   /dev/vbi.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
>   /dev/vbox.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
>   /dev/vga_arbiter	-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
> diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
> index 6bbea59..65bfcb6 100644
> --- a/policy/modules/kernel/devices.if
> +++ b/policy/modules/kernel/devices.if
> @@ -4839,7 +4839,7 @@ interface(`dev_relabelfrom_vfio_dev',`
>   
>   ############################
>   ## <summary>
> -##	Allow read/write the vhost net device
> +##	Allow read/write the vhost devices
>   ## </summary>
>   ## <param name="domain">
>   ##	<summary>
> diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
> index 4ce5fec..79b9c8d 100644
> --- a/policy/modules/kernel/devices.te
> +++ b/policy/modules/kernel/devices.te
> @@ -286,7 +286,8 @@ type v4l_device_t;
>   dev_node(v4l_device_t)
>   
>   #
> -# vhost_device_t is the type for /dev/vhost-net
> +# vhost_device_t is the type for vhost devices like
> +# /dev/vhost-net and /dev/vhost-scsi
>   #
>   type vhost_device_t;
>   dev_node(vhost_device_t)

Merged.

-- 
Chris PeBenito

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-07-15 20:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-13 17:05 [refpolicy] [PATCH] vhost: Add /dev/vhost-scsi device of type vhost_device_t Jagannathan Raman
2018-07-15 20:57 ` Chris PeBenito

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).