#DESC VMWare - Virtual machine
#
# Domains, types and permissions for running VMWare (the program) and for
# running a SELinux system in a VMWare session (the VMWare-tools).
#
# Based on work contributed by Mark Westerman (mark.westerman@westcam.com), 
# modifications by NAI Labs.
#
# Domain is for the VMWare admin programs and daemons.
# X-Debian-Packages:
#
# NOTE: The user vmware domain is provided separately in 
# macros/program/vmware_macros.te
# 
# The next two domains are created by the daemon_domain() macro.
# The vmware_t domain is for running VMWare daemons
# The vmware_exec_t type is for the VMWare daemon and admin programs.
#
# Quick hack: the domain is made privhome; there should instead be a domain for each user, defined in a macro.
# NOTE(review): privhome is attached to the shared daemon domain vmware_t, so
# whatever access that attribute carries (presumably to user home directories;
# confirm against the attribute rules) is not separated per user. Settle this
# before widening vmware_t any further.
daemon_domain(vmware, `, privhome')
#
# The vmware_user_exec_t type is for the user programs.
#
# Only the executable type is declared here. Per the header note, the rules
# for the user vmware domain are provided in macros/program/vmware_macros.te,
# so this line by itself grants nothing.
type vmware_user_exec_t, file_type, sysadmfile, exec_type;
# Type for vmware devices.
# Declaration only: no allow rule in this part of the file grants access to
# vmware_device_t. NOTE(review): which device nodes receive this label is
# presumably set in a file_contexts entry; confirm it covers only the VMWare
# device nodes.
type vmware_device_t, device_type, dev_fs;
# System configuration type used for the /etc/vmware configuration files
# In this part of the file the only domain given access to this type is
# initrc_t (ioctl, read, append); the type carries no exec_type attribute.
type vmware_sys_conf_t, file_type, sysadmfile;
#########################################################################
# Additional rules to start/stop VMWare
#
# Give init access to VMWare configuration files
# initrc_t may read and append to these files but is given no write, create,
# unlink or setattr permission here, so init scripts cannot overwrite or
# replace the configuration through this rule alone.
allow initrc_t vmware_sys_conf_t:file { ioctl read append };
#
# Rules added to kernel_t domain for VMWare to start up
#
# VMWare needs access to PCMCIA devices for networking
ifdef(`cardmgr.te', `
# Lookup only: kernel_t can stat and traverse cardmgr_var_lib_t directories
# but is not given read (listing) or any modifying permission on them.
allow kernel_t cardmgr_var_lib_t:dir { getattr search };
# Read-only file access: no write, append or create is granted to kernel_t
# on cardmgr_var_lib_t files.
allow kernel_t cardmgr_var_lib_t:file { getattr ioctl read };
')
# VMWare creates network devices
# NOTE(review): net_admin is granted to kernel_t itself, not to vmware_t, so
# it is available to everything that runs in kernel_t. Confirm whether the
# VMWare startup path can be confined to its own domain instead.
allow kernel_t self:capability net_admin;
# nlmsg_write covers netlink requests that change routing and interface
# state, on top of the nlmsg_read queries. The source domain is kernel_t, so
# the grant is not limited to VMWare code.
allow kernel_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
# Generic socket class with create only: no bind, read or write is granted
# on such sockets by this rule. NOTE(review): presumably this covers a
# protocol family without its own socket class; confirm which one.
allow kernel_t self:socket create;