policy_module(qemu, 1.0.0)

########################################
#
# Declarations
#

# Boolean that gates the broad network rules in the local policy
# section. It is declared with a default of false, so the extra
# access is granted only after an administrator turns it on.
## <desc>
## <p>
## Allow qemu to connect fully to the network
## </p>
## </desc>
gen_tunable(qemu_full_network, false)

# File type for the qemu executable; used below as the entry point
# of qemu_t.
type qemu_exec_t;
# Instantiate the qemu domain template with the prefix qemu.
# NOTE(review): qemu_t is presumably declared by this template, which
# is defined outside this file - confirm which rules it brings along.
qemu_domain_template(qemu)
# Register qemu_t as an application domain entered through qemu_exec_t.
application_domain(qemu_t, qemu_exec_t)
# Authorise qemu_t for the system_r role as well.
role system_r types qemu_t;

########################################
#
# qemu local policy
#

# Rules below are active only while the qemu_full_network boolean is on.
# Review note: none of them is scoped to a particular port, node or
# interface. With the boolean enabled, qemu_t may bind any TCP or UDP
# port and open TCP connections to any port, so a compromised emulator
# process gets no network containment from this policy. Keep the
# boolean off unless the guest networking mode needs it, and prefer
# port-specific rules where they are sufficient.
# NOTE(review): no TCP socket creation or TCP node rule appears in this
# block; presumably the domain template supplies them - confirm.
tunable_policy(`qemu_full_network',`
	# UDP: socket creation on the domain itself
	allow qemu_t self:udp_socket create_socket_perms;

	# UDP: send and receive on every interface, node and port
	corenet_udp_sendrecv_all_if(qemu_t)
	corenet_udp_sendrecv_all_nodes(qemu_t)
	corenet_udp_sendrecv_all_ports(qemu_t)
	# UDP: bind on every node and port
	corenet_udp_bind_all_nodes(qemu_t)
	corenet_udp_bind_all_ports(qemu_t)
	# TCP: bind and connect on every port
	corenet_tcp_bind_all_ports(qemu_t)
	corenet_tcp_connect_all_ports(qemu_t)
')

########################################
#
# qemu_unconfined local policy
#

# Wrapped in optional_policy because the block relies on an interface
# of the unconfined module.
# Review note: qemu_unconfined_t is made an unconfined domain and is
# also allowed an executable stack and executable anonymous memory.
# A process running in this type gets no containment from this policy,
# so every transition into it should be treated as a privilege boundary
# and kept as narrow as possible.
# NOTE(review): no entry point or transition into qemu_unconfined_t is
# defined in this section - confirm where the domain is entered.
# NOTE(review): confirm what the noaudit variant of the unconfined
# interface leaves unlogged before relying on audit records for it.
optional_policy(`
	type qemu_unconfined_t;
	domain_type(qemu_unconfined_t)
	unconfined_domain_noaudit(qemu_unconfined_t)

	# Memory protection exemptions for the domain itself
	allow qemu_unconfined_t self:process { execstack execmem };
')