Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 692957 Details for
Bug 896013
Libvirt is not relabelling qcow2 backing files
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Output of sesearch
sesearch.log (text/plain), 34.69 KB, created by
Lon Hohberger
on 2013-02-04 19:15:18 UTC
(
hide
)
Description:
Output of sesearch
Filename:
MIME Type:
Creator:
Lon Hohberger
Created:
2013-02-04 19:15:18 UTC
Size:
34.69 KB
patch
obsolete
>Found 444 semantic av rules: > allow virt_domain slapd_var_run_t : dir { getattr search open } ; > allow virt_domain slapd_var_run_t : sock_file { write getattr append open } ; > allow virt_domain sssd_var_lib_t : dir { getattr search open } ; > allow virt_domain sssd_var_lib_t : sock_file { write getattr append open } ; > allow virt_domain public_content_t : file { ioctl read getattr lock open } ; > allow virt_domain public_content_t : dir { ioctl read getattr lock search open } ; > allow virt_domain public_content_t : lnk_file { read getattr } ; > allow virt_domain virt_var_lib_t : file { ioctl read getattr lock append open } ; > allow virt_domain virt_var_lib_t : dir { getattr search open } ; > allow virt_domain virt_var_lib_t : lnk_file { read getattr } ; > allow virt_domain virt_var_run_t : dir { getattr search open } ; > allow virt_domain virt_var_run_t : sock_file { write getattr append open } ; > allow virt_domain file_type : dir { getattr search open } ; > allow qemu_t smbd_exec_t : file { read getattr execute open } ; > allow virt_domain ptchown_exec_t : file { read getattr execute open } ; > allow virt_domain anon_inodefs_t : file { ioctl read write getattr lock append open } ; > allow virt_domain anon_inodefs_t : dir { getattr search open } ; > allow domain abrt_var_run_t : file { ioctl read getattr lock open } ; > allow domain abrt_var_run_t : dir { getattr search open } ; > allow virt_domain dns_client_packet_t : packet { send recv } ; > allow virt_domain kvm_device_t : chr_file { ioctl read write getattr lock append open } ; > allow virt_domain unlabeled_t : tcp_socket recvfrom ; > allow virt_domain unlabeled_t : udp_socket recvfrom ; > allow virt_domain unlabeled_t : rawip_socket recvfrom ; > allow virt_domain unlabeled_t : association { sendto recvfrom } ; > allow virt_domain unlabeled_t : packet { send recv } ; > allow virt_domain unlabeled_t : peer recv ; > allow virt_domain virt_content_t : file { ioctl read getattr lock open } ; > allow virt_domain virt_content_t : dir { ioctl read getattr lock search open } ; > allow virt_domain virt_content_t : lnk_file { read getattr } ; > allow virt_domain virt_content_t : blk_file { ioctl read getattr lock open } ; > allow virt_domain ptynode : chr_file { ioctl read write getattr lock append open } ; > allow virt_domain ttynode : chr_file { ioctl read write getattr lock append open } ; > allow virt_domain port_type : tcp_socket { recv_msg send_msg } ; > allow domain system_cronjob_t : fifo_file { ioctl read write getattr lock append } ; > allow application_domain_type cfengine_var_lib_t : dir { getattr search open } ; > allow application_domain_type admin_home_t : file { getattr append } ; > allow virt_domain public_content_rw_t : file { ioctl read getattr lock open } ; > allow virt_domain public_content_rw_t : dir { ioctl read getattr lock search open } ; > allow virt_domain public_content_rw_t : lnk_file { read getattr } ; > allow virt_domain tty_device_t : chr_file { ioctl read write getattr lock append open } ; > allow application_domain_type cfengine_var_log_t : file { ioctl getattr lock append } ; > allow application_domain_type user_cron_spool_t : file { ioctl read write getattr lock append } ; > allow domain null_device_t : chr_file { ioctl read write getattr lock append open } ; > allow domain sysctl_crypto_t : file { ioctl read getattr lock open } ; > allow domain sysctl_crypto_t : dir { ioctl read getattr lock search open } ; > allow qemu_t virt_bridgehelper_t : process transition ; > allow domain unconfined_notrans_t : process sigchld ; > allow domain zero_device_t : chr_file { ioctl read write getattr lock append open } ; > allow qemu_t user_home_dir_t : dir { getattr search open } ; > allow qemu_t user_home_dir_t : lnk_file { read getattr } ; > allow virt_domain virt_bridgehelper_t : process transition ; > allow qemu_t bin_t : dir { getattr search open } ; > allow qemu_t boot_t : file { ioctl read getattr lock open } ; > allow qemu_t boot_t : dir { getattr search open } ; > allow application_domain_type crond_t : process sigchld ; > allow qemu_t init_t : process { sigchld signull } ; > allow virt_domain virt_migration_port_t : tcp_socket { name_bind name_connect } ; > allow qemu_t ptmx_t : chr_file { ioctl read write getattr lock append open } ; > allow qemu_t smbd_t : process transition ; > allow virt_domain dirsrv_t : unix_stream_socket connectto ; > allow application_domain_type sshd_t : process sigchld ; > allow application_domain_type sshd_t : unix_stream_socket { ioctl read write getattr setattr lock append bind connect listen accept getopt setopt shutdown } ; > allow qemu_t device_t : dir { ioctl read getattr lock search open } ; > allow domain setrans_var_run_t : dir { getattr search open } ; > allow qemu_t device_t : lnk_file { read getattr } ; > allow domain setrans_var_run_t : sock_file { write getattr append open } ; > allow qemu_t devpts_t : filesystem getattr ; > allow qemu_t devpts_t : dir { ioctl read getattr lock search open } ; > allow qemu_t tmp_t : dir { ioctl read write getattr lock add_name remove_name search open } ; > allow virt_domain lsassd_t : unix_stream_socket connectto ; > allow qemu_t virtd_t : process sigchld ; > allow qemu_t var_t : dir { getattr search open } ; > allow qemu_t virtd_t : fd use ; > allow qemu_t virtd_t : fifo_file { ioctl read write getattr lock append } ; > allow application_domain_type afs_t : udp_socket { read write } ; > allow virt_domain bin_t : file { ioctl read getattr lock execute execute_no_trans open } ; > allow virt_domain bin_t : dir { ioctl read getattr lock search open } ; > allow virt_domain bin_t : lnk_file { read getattr } ; > allow qemu_t virt_log_t : file { ioctl getattr lock append open } ; > allow qemu_t virt_log_t : dir { getattr search open } ; > allow virt_domain winbind_var_run_t : dir { getattr search open } ; > allow virt_domain winbind_var_run_t : sock_file { write getattr append open } ; > allow qemu_t fs_t : filesystem getattr ; > allow virt_domain noxattrfs : file { ioctl read write getattr lock append } ; > allow virt_domain mnt_t : dir { getattr search open } ; > allow virt_domain mnt_t : lnk_file { read getattr } ; > allow qemu_t qemu_t : process { fork sigchld signull signal getsched execmem execstack } ; > allow qemu_t qemu_t : capability net_bind_service ; > allow qemu_t qemu_t : file { ioctl read write getattr lock append open } ; > allow qemu_t qemu_t : dir { ioctl read getattr lock search open } ; > allow qemu_t qemu_t : lnk_file { ioctl read getattr lock } ; > allow virt_domain netif_t : netif { tcp_recv tcp_send udp_recv udp_send ingress egress } ; > allow qemu_t qemu_t : fifo_file { ioctl read write getattr lock append open } ; > allow qemu_t qemu_t : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown } ; > allow qemu_t qemu_t : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown } ; > allow domain unconfined_domain_type : tcp_socket recvfrom ; > allow qemu_t qemu_t : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown } ; > allow qemu_t qemu_t : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto } ; > allow virt_domain nscd_t : unix_stream_socket connectto ; > allow qemu_t qemu_t : shm { create destroy getattr setattr read write associate unix_read unix_write lock } ; > allow virt_domain nslcd_t : unix_stream_socket connectto ; > allow qemu_t rpm_t : fd use ; > allow qemu_t rpm_t : fifo_file { ioctl read getattr lock open } ; > allow qemu_t qemu_t : netlink_route_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read } ; > allow qemu_t qemu_t : association sendto ; > allow virt_domain nscd_t : nscd { getpwd getgrp gethost } ; > allow domain unconfined_domain_type : association recvfrom ; > allow qemu_t tmpfs_t : dir { ioctl read write getattr lock add_name remove_name search open } ; > allow virt_domain ptmx_t : chr_file { ioctl read write getattr lock append open } ; > allow qemu_t qemu_t : peer recv ; > allow domain unconfined_domain_type : peer recv ; > allow virt_domain slapd_t : unix_stream_socket connectto ; > allow domain livecd_t : process sigchld ; > allow virt_domain sssd_t : unix_stream_socket connectto ; > allow virt_domain device_t : dir { ioctl read getattr lock search open } ; > allow virt_domain device_t : lnk_file { read getattr } ; > allow virt_domain devlog_t : lnk_file { read getattr } ; > allow virt_domain devpts_t : filesystem getattr ; > allow virt_domain devpts_t : dir { ioctl read getattr lock search open } ; > allow virt_domain devlog_t : sock_file { write getattr append open } ; > allow virt_domain devpts_t : chr_file { ioctl read write getattr lock append open } ; > allow virt_domain locale_t : file { ioctl read getattr lock open } ; > allow virt_domain usr_t : file { ioctl read getattr lock open } ; > allow virt_domain locale_t : dir { ioctl read getattr lock search open } ; > allow virt_domain usr_t : dir { ioctl read getattr lock search open } ; > allow virt_domain locale_t : lnk_file { read getattr } ; > allow virt_domain usr_t : lnk_file { read getattr } ; > allow virt_domain var_t : file { ioctl read getattr lock open } ; > allow virt_domain var_t : dir { ioctl read write getattr lock add_name remove_name search open } ; > allow qemu_t virt_tmp_t : file { ioctl read getattr lock open } ; > allow qemu_t virt_tmp_t : dir { getattr search open } ; > allow qemu_t virt_tmp_t : lnk_file { read getattr } ; > allow qemu_t virt_tmp_t : sock_file { write getattr append open } ; > allow virt_domain virtd_t : unix_stream_socket connectto ; > allow domain sysctl_t : dir { getattr search open } ; > allow qemu_t qemu_devpts_t : chr_file { ioctl read write getattr setattr lock append open } ; > allow domain abrt_t : process { signull getattr } ; > allow domain abrt_t : file { ioctl read getattr lock open } ; > allow domain abrt_t : dir { ioctl read getattr lock search open } ; > allow domain abrt_t : lnk_file { read getattr } ; > allow domain abrt_t : fifo_file { ioctl read write getattr lock append } ; > allow domain bin_t : dir { getattr search open } ; > allow virt_domain avahi_t : unix_stream_socket connectto ; > allow virt_domain cifs_t : file { ioctl read write getattr lock append } ; > allow domain crond_t : fifo_file { ioctl read write getattr lock append } ; > allow virt_domain virt_etc_t : file { ioctl read getattr lock open } ; > allow virt_domain virt_etc_t : dir { getattr search open } ; > allow virt_domain etc_t : file { ioctl read getattr lock open } ; > allow virt_domain virt_log_t : file { ioctl getattr lock append open } ; > allow virt_domain etc_t : dir { ioctl read getattr lock search open } ; > allow virt_domain virt_log_t : dir { getattr search open } ; > allow virt_domain etc_t : lnk_file { read getattr } ; > allow qemu_t virt_image_type : file { ioctl read write create getattr setattr lock append unlink link rename open } ; > allow qemu_t virt_image_type : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; > allow qemu_t virt_image_type : lnk_file { read getattr } ; > allow qemu_t virt_image_type : chr_file { ioctl read write getattr lock append open } ; > allow qemu_t virt_image_type : blk_file { ioctl read write getattr lock append open } ; > allow domain init_t : process { sigchld signull } ; > allow domain lib_t : file { ioctl read getattr lock execute open } ; > allow domain lib_t : dir { ioctl read getattr lock search open } ; > allow domain lib_t : lnk_file { read getattr } ; > allow virt_domain nfs_t : file { ioctl read write getattr lock append } ; > allow virt_domain node_t : tcp_socket node_bind ; > allow domain mnt_t : dir { getattr search open } ; > allow virt_domain node_t : node { tcp_recv tcp_send udp_recv udp_send recvfrom sendto } ; > allow domain prelink_exec_t : file getattr ; > allow virt_domain proc_t : file { ioctl read getattr lock open } ; > allow virt_domain proc_t : dir { ioctl read getattr lock search open } ; > allow virt_domain proc_t : lnk_file { read getattr } ; > allow virt_domain tmpfs_t : filesystem getattr ; > allow virt_domain tmpfs_t : file { ioctl read write getattr lock append open } ; > allow virt_domain tmpfs_t : dir { getattr search open } ; > allow qemu_t user_tmpfs_t : file { ioctl read getattr lock open } ; > allow qemu_t user_tmpfs_t : dir { ioctl read getattr lock search open } ; > allow qemu_t user_tmpfs_t : lnk_file { read getattr } ; > allow domain root_t : dir { ioctl read getattr lock search open } ; > allow domain root_t : lnk_file { ioctl read getattr lock } ; > allow domain rpm_transition_domain : fifo_file { ioctl read write getattr lock append } ; > allow application_domain_type logfile : file { getattr append } ; > allow domain sshd_t : fifo_file { ioctl read write getattr lock append } ; > allow domain device_t : dir { ioctl read getattr lock search open } ; > allow domain device_t : lnk_file { read getattr } ; > allow domain tmp_t : dir { getattr search open } ; > allow domain devtty_t : chr_file { ioctl read write getattr lock append open } ; > allow domain usr_t : file { ioctl read getattr lock open } ; > allow domain usr_t : dir { ioctl read getattr lock search open } ; > allow domain usr_t : lnk_file { read getattr } ; > allow domain var_t : dir { getattr search open } ; > allow virt_domain console_device_t : chr_file { ioctl read write getattr lock append open } ; > allow virt_domain sssd_public_t : file { ioctl read getattr lock open } ; > allow virt_domain sssd_public_t : dir { ioctl read getattr lock search open } ; > allow virt_domain vnc_port_t : tcp_socket name_bind ; > allow virt_domain qemu_device_t : chr_file { ioctl read write getattr lock append open } ; > allow application_domain_type user_tmp_t : file { getattr append } ; > allow qemu_t user_tmp_t : dir { getattr search open } ; > allow qemu_t user_tmp_t : sock_file { write getattr append open } ; > allow virt_domain virt_etc_rw_t : file { ioctl read getattr lock open } ; > allow virt_domain virt_etc_rw_t : dir { getattr search open } ; > allow virt_domain virt_etc_rw_t : lnk_file { read getattr } ; > allow domain etc_t : file { ioctl read getattr lock open } ; > allow domain etc_t : dir { ioctl read getattr lock search open } ; > allow domain etc_t : lnk_file { read getattr } ; > allow domain ld_so_t : file { ioctl read getattr execute open } ; > allow domain ld_so_t : lnk_file { read getattr } ; > allow domain afs_cache_t : file { read write } ; > allow domain proc_t : dir { getattr search open } ; > allow domain proc_t : lnk_file { read getattr } ; > allow virt_domain ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ; > allow domain abrt_helper_exec_t : file { read getattr execute open } ; > allow domain rpm_t : fd use ; > allow domain rpm_t : fifo_file { ioctl read getattr lock open } ; > allow virt_domain sound_device_t : chr_file { ioctl read write getattr lock append open } ; > allow virt_domain vhost_device_t : chr_file { ioctl read write getattr lock append open } ; > allow qemu_t virt_bridgehelper_exec_t : file { read getattr execute open } ; > allow qemu_t qemu_exec_t : file { ioctl read getattr lock execute entrypoint open } ; > allow virt_domain likewise_var_lib_t : dir { getattr search open } ; > allow virt_domain dns_port_t : tcp_socket { recv_msg send_msg name_connect } ; > allow virt_domain dns_port_t : udp_socket { recv_msg send_msg } ; > allow virt_domain hugetlbfs_t : filesystem getattr ; > allow virt_domain lsassd_var_socket_t : sock_file { write getattr append open } ; > allow domain abrt_helper_t : process transition ; > allow application_domain_type sudodomain : process sigchld ; > allow virt_domain virt_bridgehelper_exec_t : file { read getattr execute open } ; > allow qemu_t xen_image_t : file { ioctl read write getattr lock append open } ; > allow qemu_t xen_image_t : dir { getattr search open } ; > allow virt_domain qemu_exec_t : file { ioctl read getattr lock execute execute_no_trans entrypoint open } ; > allow qemu_t removable_device_t : blk_file { ioctl read write getattr lock append open } ; > allow virt_domain krb5_conf_t : file { ioctl read getattr lock open } ; > allow virt_domain krb5_conf_t : dir { getattr search open } ; > allow virt_domain shell_exec_t : file { ioctl read getattr lock execute execute_no_trans open } ; > allow domain textrel_shlib_t : file { ioctl read getattr execute execmod open } ; > allow domain textrel_shlib_t : lnk_file { read getattr } ; > allow qemu_t unconfined_t : fd use ; > allow virt_domain removable_device_t : blk_file { ioctl read getattr lock open } ; > allow application_domain_type user_home_t : file { getattr append } ; > allow virt_domain netlabel_peer_t : tcp_socket recvfrom ; > allow virt_domain netlabel_peer_t : udp_socket recvfrom ; > allow virt_domain netlabel_peer_t : rawip_socket recvfrom ; > allow virt_domain netlabel_peer_t : peer recv ; > allow qemu_t userdomain : unix_stream_socket connectto ; > allow domain rpm_script_tmp_t : file { ioctl read getattr lock open } ; > allow domain rpm_script_tmp_t : dir { getattr search open } ; > allow domain rpm_script_tmp_t : lnk_file { read getattr } ; > allow virt_domain virt_cache_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; > allow virt_domain virt_cache_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; > allow domain netlabel_peer_t : tcp_socket recvfrom ; > allow domain security_t : filesystem getattr ; > allow domain security_t : dir { getattr search open } ; > allow qemu_t var_lib_t : dir { ioctl read getattr lock search open } ; > allow domain netlabel_peer_t : peer recv ; > allow virt_domain tun_tap_device_t : chr_file { ioctl read write getattr lock append open } ; > allow domain unconfined_t : process sigchld ; > allow domain unconfined_t : fd use ; > allow qemu_t user_home_type : dir { getattr search open } ; > allow qemu_t user_home_type : lnk_file { read getattr } ; > allow qemu_t xserver_t : shm { getattr read write associate unix_read unix_write lock } ; > allow virt_domain syslogd_t : unix_stream_socket connectto ; > allow virt_domain syslogd_t : unix_dgram_socket sendto ; > allow virt_domain ptchown_t : process transition ; > allow virt_domain var_lib_t : dir { ioctl read getattr lock search open } ; > allow virt_domain var_run_t : dir { ioctl read write getattr lock add_name remove_name search open } ; > allow domain default_t : dir { getattr search open } ; > allow qemu_t var_log_t : dir { getattr search open } ; > allow virt_domain winbind_t : unix_stream_socket connectto ; > allow qemu_t qemu_tmp_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; > allow qemu_t qemu_tmp_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; > allow qemu_t qemu_tmp_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ; > allow domain sosreport_tmp_t : file append ; > allow domain ld_so_cache_t : file { ioctl read getattr lock open } ; > allow virt_domain configfile : file { ioctl read getattr lock open } ; > allow virt_domain configfile : dir { ioctl read getattr lock search open } ; > allow virt_domain configfile : lnk_file { read getattr } ; > allow domain rpm_tmp_t : file { ioctl getattr lock append open } ; > allow domain rpm_tmp_t : dir { getattr search open } ; > allow domain ipsec_spd_t : association polmatch ; > allow domain abrt_var_cache_t : file { ioctl getattr lock append open } ; > allow domain abrt_var_cache_t : dir { getattr search open } ; > allow domain var_run_t : dir { ioctl read getattr lock search open } ; > allow virt_domain ldap_client_packet_t : packet { send recv } ; > allow domain configfile : file { ioctl read getattr lock open } ; > allow domain configfile : dir { ioctl read getattr lock search open } ; > allow domain configfile : lnk_file { read getattr } ; > allow domain domain : key { search link } ; > allow virt_domain samba_var_t : file { ioctl read getattr lock open } ; > allow virt_domain samba_var_t : dir { getattr search open } ; > allow domain rpm_log_t : dir { getattr search open } ; > allow domain setrans_t : unix_stream_socket connectto ; > allow domain setrans_t : context translate ; > allow virt_domain avahi_var_run_t : dir { getattr search open } ; > allow virt_domain avahi_var_run_t : sock_file { write getattr append open } ; > allow virt_domain cert_type : file { ioctl read getattr lock open } ; > allow virt_domain cert_type : dir { ioctl read getattr lock search open } ; > allow virt_domain cert_type : lnk_file { read getattr } ; > allow virt_domain qemu_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; > allow virt_domain qemu_var_run_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; > allow virt_domain qemu_var_run_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ; > allow virt_domain qemu_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename open } ; > allow virt_domain dirsrv_var_run_t : dir { getattr search open } ; > allow virt_domain dirsrv_var_run_t : sock_file { write getattr append open } ; > allow qemu_t virt_var_lib_t : dir { getattr search open } ; > allow qemu_t xend_var_lib_t : dir { getattr search open } ; > allow virt_domain net_conf_t : file { ioctl read getattr lock open } ; > allow virt_domain net_conf_t : dir { ioctl read getattr lock search open } ; > allow qemu_t home_root_t : dir { ioctl read getattr lock search open } ; > allow qemu_t home_root_t : lnk_file { read getattr } ; > allow virt_domain urandom_device_t : chr_file { ioctl read getattr lock open } ; > allow virt_domain ksm_device_t : chr_file { ioctl read write getattr lock append open } ; > allow virt_domain nscd_var_run_t : dir { getattr search open } ; > allow virt_domain nslcd_var_run_t : dir { getattr search open } ; > allow virt_domain nscd_var_run_t : sock_file { write getattr append open } ; > allow virt_domain random_device_t : chr_file { ioctl read getattr lock open } ; > allow virt_domain nslcd_var_run_t : sock_file { write getattr append open } ; > allow qemu_t qemu_image_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; > allow qemu_t qemu_image_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; > allow qemu_t qemu_image_t : lnk_file { read getattr } ; > allow qemu_t qemu_image_t : chr_file { ioctl read write getattr lock append open } ; > allow qemu_t qemu_tmpfs_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; > allow qemu_t qemu_image_t : blk_file { ioctl read write getattr lock append open } ; > allow qemu_t qemu_tmpfs_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; > allow qemu_t qemu_image_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; > allow qemu_t qemu_tmpfs_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ; > allow virt_domain privfd : fd use ; >ET allow qemu_t port_type : tcp_socket { name_bind name_connect } ; [ qemu_full_network ] >ET allow qemu_t port_type : udp_socket { recv_msg send_msg name_bind } ; [ qemu_full_network ] >DT allow domain urandom_device_t : chr_file { ioctl read getattr lock open } ; [ global_ssp ] >ET allow virt_domain unlabeled_t : tcp_socket recvfrom ; [ allow_kerberos ] >DT allow virt_domain unlabeled_t : tcp_socket recvfrom ; [ allow_ypbind ] >ET allow virt_domain unlabeled_t : udp_socket recvfrom ; [ allow_kerberos ] >DT allow virt_domain unlabeled_t : udp_socket recvfrom ; [ allow_ypbind ] >ET allow virt_domain unlabeled_t : rawip_socket recvfrom ; [ allow_kerberos ] >DT allow virt_domain unlabeled_t : rawip_socket recvfrom ; [ allow_ypbind ] >ET allow virt_domain unlabeled_t : association { sendto recvfrom } ; [ allow_kerberos ] >DT allow virt_domain unlabeled_t : association { sendto recvfrom } ; [ allow_ypbind ] >ET allow virt_domain unlabeled_t : packet { send recv } ; [ allow_kerberos ] >DT allow virt_domain unlabeled_t : packet { send recv } ; [ allow_ypbind ] >ET allow virt_domain unlabeled_t : peer recv ; [ allow_kerberos ] >DT allow virt_domain unlabeled_t : peer recv ; [ allow_ypbind ] >DT allow virt_domain port_type : tcp_socket { recv_msg send_msg } ; [ allow_ypbind ] >DT allow virt_domain port_type : udp_socket { recv_msg send_msg } ; [ allow_ypbind ] >DT allow qemu_t tty_device_t : chr_file { ioctl read write getattr lock append open } ; [ qemu_use_comm ] >DT allow virt_domain portmap_port_t : tcp_socket name_connect ; [ allow_ypbind ] >ET allow virt_domain kerberos_client_packet_t : packet { send recv } ; [ allow_kerberos ] >ET allow domain sysctl_kernel_t : file { ioctl read getattr lock open } ; [ fips_mode ] >ET allow domain sysctl_kernel_t : dir { ioctl read getattr lock search open } ; [ fips_mode ] >ET allow virt_domain krb5_host_rcache_t : file getattr ; [ allow_kerberos ] >DT allow qemu_t device_t : dir { ioctl read getattr lock search open } ; [ qemu_use_comm ] >DT allow qemu_t device_t : lnk_file { read getattr } ; [ qemu_use_comm ] >DT allow virt_domain var_yp_t : file { ioctl read getattr lock open } ; [ allow_ypbind ] >DT allow virt_domain var_yp_t : dir { ioctl read getattr lock search open } ; [ allow_ypbind ] >DT allow virt_domain var_yp_t : lnk_file { read getattr } ; [ allow_ypbind ] >DT allow qemu_t cifs_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; [ virt_use_samba ] >ET allow qemu_t cifs_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; [ qemu_use_cifs ] >DT allow qemu_t cifs_t : dir { ioctl read write getattr lock add_name remove_name search open } ; [ virt_use_samba ] >ET allow qemu_t cifs_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; [ qemu_use_cifs ] >DT allow qemu_t cifs_t : lnk_file { read getattr } ; [ virt_use_samba ] >ET allow qemu_t dosfs_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; [ qemu_use_usb ] >ET allow qemu_t dosfs_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; [ qemu_use_usb ] >DT allow qemu_t nfs_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; [ virt_use_nfs ] >ET allow qemu_t nfs_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; [ qemu_use_nfs ] >DT allow qemu_t nfs_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; [ virt_use_nfs ] >ET allow qemu_t nfs_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; [ qemu_use_nfs ] >DT allow qemu_t nfs_t : lnk_file { read getattr } ; [ virt_use_nfs ] >DT allow qemu_t qemu_t : process { execmem execstack } ; [ virt_use_execmem ] >DT allow qemu_t qemu_t : capability net_bind_service ; [ allow_ypbind ] >ET allow qemu_t qemu_t : capability net_bind_service ; [ qemu_full_network ] >ET allow virt_domain netif_t : netif { tcp_recv tcp_send udp_recv udp_send ingress egress } ; [ allow_kerberos ] >DT allow virt_domain netif_t : netif { tcp_recv tcp_send udp_recv udp_send ingress egress } ; [ allow_ypbind ] >ET allow virt_domain nscd_t : fd use ; [ nscd_use_shm ] >ET allow qemu_t qemu_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; [ fips_mode ] >ET allow qemu_t qemu_t : tcp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown } ; [ allow_kerberos ] >DT allow qemu_t qemu_t : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown } ; [ allow_ypbind ] >ET allow qemu_t qemu_t : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown } ; [ allow_kerberos ] >DT allow qemu_t qemu_t : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown } ; [ allow_ypbind ] >ET allow qemu_t qemu_t : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown } ; [ qemu_full_network ] >DF allow qemu_t qemu_t : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown } ; [ nscd_use_shm ] >ET allow qemu_t qemu_t : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown } ; [ nscd_use_shm ] >DF allow virt_domain nscd_t : unix_stream_socket connectto ; [ nscd_use_shm ] >ET allow virt_domain nscd_t : unix_stream_socket connectto ; [ nscd_use_shm ] >ET allow virt_domain pcscd_t : unix_stream_socket connectto ; [ allow_kerberos ] >DT allow virt_domain port_t : tcp_socket { name_bind name_connect } ; [ allow_ypbind ] >DT allow virt_domain port_t : udp_socket name_bind ; [ allow_ypbind ] >DF allow virt_domain nscd_t : nscd { getpwd getgrp gethost } ; [ nscd_use_shm ] >ET allow virt_domain nscd_t : nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost } ; [ nscd_use_shm ] >ET allow qemu_t usbfs_t : file { ioctl read write getattr lock append open } ; [ qemu_use_usb ] >ET allow qemu_t usbfs_t : dir { ioctl read getattr lock search open } ; [ qemu_use_usb ] >ET allow qemu_t usbfs_t : lnk_file { read getattr } ; [ qemu_use_usb ] >DT allow domain kernel_t : system module_request ; [ domain_kernel_load_modules ] >ET allow virt_domain var_t : dir { getattr search open } ; [ allow_kerberos ] >DF allow virt_domain var_t : dir { getattr search open } ; [ nscd_use_shm ] >ET allow virt_domain var_t : dir { getattr search open } ; [ nscd_use_shm ] >ET allow domain sysctl_t : dir { getattr search open } ; [ fips_mode ] >ET allow domain bin_t : dir { getattr search open } ; [ fips_mode ] >DT allow virt_domain cifs_t : file { ioctl read getattr lock open } ; [ virt_use_samba ] >DT allow virt_domain cifs_t : dir { ioctl read getattr lock search open } ; [ virt_use_samba ] >DT allow virt_domain cifs_t : lnk_file { read getattr } ; [ virt_use_samba ] >DT allow virt_domain etc_t : dir { getattr search open } ; [ allow_ypbind ] >DT allow virt_domain nfs_t : file { ioctl read getattr lock open } ; [ virt_use_nfs ] >DT allow virt_domain nfs_t : dir { ioctl read getattr lock search open } ; [ virt_use_nfs ] >DT allow virt_domain nfs_t : lnk_file { read getattr } ; [ virt_use_nfs ] >ET allow virt_domain node_t : tcp_socket node_bind ; [ allow_kerberos ] >DT allow virt_domain node_t : tcp_socket node_bind ; [ allow_ypbind ] >ET allow virt_domain node_t : udp_socket node_bind ; [ allow_kerberos ] >DT allow virt_domain node_t : udp_socket node_bind ; [ allow_ypbind ] >ET allow virt_domain node_t : node { tcp_recv tcp_send udp_recv udp_send recvfrom sendto } ; [ allow_kerberos ] >DT allow virt_domain node_t : node { tcp_recv tcp_send udp_recv udp_send recvfrom sendto } ; [ allow_ypbind ] >ET allow domain prelink_exec_t : file { ioctl read getattr lock execute execute_no_trans open } ; [ fips_mode ] >DT allow domain device_t : dir { getattr search open } ; [ global_ssp ] >DT allow domain sysadm_t : process sigchld ; [ allow_ptrace ] >ET allow domain proc_t : dir { getattr search open } ; [ fips_mode ] >DT allow virt_domain client_packet_t : packet { send recv } ; [ allow_ypbind ] >DT allow virt_domain reserved_port_type : tcp_socket name_connect ; [ allow_ypbind ] >ET allow virt_domain kerberos_port_t : tcp_socket { recv_msg send_msg name_connect } ; [ allow_kerberos ] >ET allow virt_domain kerberos_port_t : udp_socket { recv_msg send_msg } ; [ allow_kerberos ] >ET allow virt_domain ocsp_port_t : tcp_socket name_connect ; [ allow_kerberos ] >ET allow virt_domain netlabel_peer_t : tcp_socket recvfrom ; [ allow_kerberos ] >DT allow virt_domain netlabel_peer_t : tcp_socket recvfrom ; [ allow_ypbind ] >ET allow virt_domain netlabel_peer_t : udp_socket recvfrom ; [ allow_kerberos ] >DT allow virt_domain netlabel_peer_t : udp_socket recvfrom ; [ allow_ypbind ] >ET allow virt_domain netlabel_peer_t : rawip_socket recvfrom ; [ allow_kerberos ] >DT allow virt_domain netlabel_peer_t : rawip_socket recvfrom ; [ allow_ypbind ] >ET allow virt_domain netlabel_peer_t : peer recv ; [ allow_kerberos ] >DT allow virt_domain netlabel_peer_t : peer recv ; [ allow_ypbind ] >ET allow qemu_t netif_type : netif { udp_recv udp_send ingress egress } ; [ qemu_full_network ] >ET allow virt_domain ocsp_client_packet_t : packet { send recv } ; [ allow_kerberos ] >DT allow virt_domain rpc_port_type : tcp_socket name_bind ; [ allow_ypbind ] >DT allow virt_domain rpc_port_type : udp_socket name_bind ; [ allow_ypbind ] >ET allow virt_domain var_run_t : dir { getattr search open } ; [ allow_kerberos ] >DF allow virt_domain var_run_t : dir { getattr search open } ; [ nscd_use_shm ] >ET allow virt_domain var_run_t : dir { getattr search open } ; [ nscd_use_shm ] >DT allow qemu_t printer_device_t : chr_file { ioctl read write getattr lock append open } ; [ qemu_use_comm ] >DT allow virt_domain portmap_client_packet_t : packet { send recv } ; [ allow_ypbind ] >DT allow virt_domain server_packet_t : packet { send recv } ; [ allow_ypbind ] >ET allow domain domain : fd use ; [ allow_domain_fd_use ] >DT allow virt_domain net_conf_t : file { ioctl read getattr lock open } ; [ allow_ypbind ] >DT allow virt_domain net_conf_t : dir { ioctl read getattr lock search open } ; [ allow_ypbind ] >ET allow qemu_t node_type : udp_socket node_bind ; [ qemu_full_network ] >ET allow qemu_t node_type : node { udp_recv udp_send recvfrom sendto } ; [ qemu_full_network ] >DF allow virt_domain nscd_var_run_t : dir { getattr search open } ; [ nscd_use_shm ] >ET allow virt_domain nscd_var_run_t : dir { ioctl read getattr lock search open } ; [ nscd_use_shm ] >DF allow virt_domain nscd_var_run_t : sock_file { write getattr append open } ; [ nscd_use_shm ] >ET allow virt_domain nscd_var_run_t : sock_file { ioctl read write getattr lock append open } ; [ nscd_use_shm ] >ET allow virt_domain pcscd_var_run_t : dir { getattr search open } ; [ allow_kerberos ] >ET allow virt_domain pcscd_var_run_t : sock_file { write getattr append open } ; [ allow_kerberos ] >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=692957">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 896013
: 692957 |
693001
|
696818
|
696820
|
698513