Update policy for rpc-virtstorage

In particular, domain transition on udev and parted execution and r/w operations on fixed disk devices were allowed. Resolves: rhbz#2305564
fedora-selinux · Sep 4, 2024 · fa05e07 · fa05e07
1 parent 5d34a85
commit fa05e07
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
@@ -2334,23 +2334,35 @@ manage_files_pattern(virtstoraged_t, virt_var_lib_t, virt_var_lib_t)
 
 manage_lnk_files_pattern(virtstoraged_t, virt_etc_rw_t, virt_etc_rw_t)
 
+kernel_get_sysvipc_info(virtstoraged_t)
 kernel_io_uring_use(virtstoraged_t)
 
 corecmd_exec_bin(virtstoraged_t)
 
 fs_getattr_all_fs(virtstoraged_t)
 fs_getattr_configfs_dirs(virtstoraged_t)
 
+storage_raw_read_fixed_disk(virtstoraged_t)
+storage_raw_write_fixed_disk(virtstoraged_t)
+
 userdom_read_user_home_content_files(virtstoraged_t)
 
 optional_policy(`
 	dnsmasq_filetrans_named_content_fromdir(virtstoraged_t, virtstoraged_var_run_t)
 ')
 
+optional_policy(`
+	fstools_domtrans(virtstoraged_t)
+')
+
 optional_policy(`
 	lvm_domtrans(virtstoraged_t)
 ')
 
+optional_policy(`
+	udev_domtrans(virtstoraged_t)
+')
+
 #######################################
 #
 # virtvboxd local policy