Bug 494354
Summary: | enable qemu sharing of parallel ports | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michael J. Chudobiak <mjc> |
Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 10 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-04-07 14:57:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Michael J. Chudobiak
2009-04-06 14:30:51 UTC
What devices should I give it access to? /dev/parport*, in my case anyway. Other people might need access to serial ports (/dev/ttyS*), but I have no experience with that. I do use libvirt/kvm/qemu with USB port forwarding (for USB serial port access), but that seems to work fine with the existing policy. - Mike Add qemu_use_comm and virt_use_comm for (svirt_t) in rawhide. Miroslav could you add something like +## <desc> +## <p> +## Allow qemu to user serial/parallel communication ports +## </p> +## </desc> +gen_tunable(qemu_use_comm, false) + + +tunable_policy(`qemu_use_comm',` + term_use_unallocated_ttys(sqemu_t) + dev_rw_printer(sqemu_t) +') Fixed in selinux-policy-3.5.13-55.fc10 I downloaded selinux-policy-3.5.13-55.fc10 and rebooted. What else do I need to do to make this work? I don't see any qemu_use_comm boolean. [root@pekkala ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: permissive Policy version: 23 Policy from config file: targeted [root@pekkala ~]# getsebool -a | grep comm httpd_tty_comm --> on [root@pekkala ~]# rpm -qa | grep selinux-policy selinux-policy-targeted-3.5.13-48.fc10.noarch selinux-policy-3.5.13-55.fc10.noarch - Mike Because you updated only selinux-policy. You should update also selinux-policy-targeted. OK - but I got selinux-policy from http://koji.fedoraproject.org/koji/packageinfo?packageID=32. I can't find any selinux-policy-targeted builds there. Am I missing something? - Mike http://koji.fedoraproject.org/koji/buildinfo?buildID=96877 for download policy-targeted: http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.5.13/55.fc10/noarch/selinux-policy-targeted-3.5.13-55.fc10.noarch.rpm Thanks for the super-quick resolution and helpfulness! Confirmed as fixed. - Mike |