[DSE-Dev] Bug#736909: [refpolicy] Missing appconfig file for libvirt and LXC containers
mgrepl at redhat.com
Wed Jan 29 21:12:56 UTC 2014
On 01/28/2014 11:15 AM, Laurent Bigonville wrote:
> Libvirt selinux security driver is now enabled in debian unstable.
> Qemu/KVM VM can be started properly now, but a bug has been reported
> that LXC containers are failing to start due to the missing
> "lxc_contexts" appconfig file.
> Looking at the fedora policy, it's indeed shipping that file with the
> following content:
> process = "system_u:system_r:svirt_lxc_net_t:s0"
> content = "system_u:object_r:virt_var_lib_t:s0"
> file = "system_u:object_r:svirt_sandbox_file_t:s0"
> sandbox_kvm_process = "system_u:system_r:svirt_qemu_net_t:s0"
> sandbox_lxc_process = "system_u:system_r:svirt_lxc_net_t:s0"
> I only see minimal differences between the virt module in the refpolicy
> and the one in the fedora one, and I'm maybe missing something, but it
> seems that some types are missing in both the refpolicy and the fedora
> policy. I find no signs of "svirt_qemu_net_t" or "sandbox_file_t" for

I see all types are presented in virt.te,

> So any idea how we could make libvirt happy with LXC containers?
> Laurent Bigonville
>  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736909
> PS: could you please keep the 736909-forwarded CC while replying.