Red Hat Bugzilla – Bug 1311606
RFE: Add strict domain for confining virtlogd daemon
Last modified: 2016-11-03 22:43:36 EDT
libvirt in RHEL-7.3 is rebasing to version 1.3.1, so we'll want this upstream policy enhancement pulled into RHEL 7.3 too.
+++ This bug was initially created as a clone of Bug #1311576 +++
Description of problem:
The virtlogd daemon is currently given the same context as
libvirtd. This is essentially unrestricted host access which
is not at all desirable. The virtlogd daemon is a small single
purpose daemon whose only job is logging. It should have a
dedicated context which strictly controls what it is permitted
I have written a policy that can do this and submitted upstream
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.