330777 – virt selinux policy (for libvirt) not compiled in base and not available as module

Bug 330777 - virt selinux policy (for libvirt) not compiled in base and not available as module

Summary: virt selinux policy (for libvirt) not compiled in base and not available as m...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-08-02 01:17 UTC by Chris Richards
Modified:	2011-01-31 22:58 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ebuild for selinux-virt policy (selinux-virt-2.20100224.ebuild,831 bytes, text/plain) 2010-08-02 01:18 UTC, Chris Richards	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Richards 2010-08-02 01:17:36 UTC

The SELinux modular policy contains a module with policies specific to libvirt (virt), but this module is not compiled into the SELinux base policy that is installed on Gentoo, nor is it available as an explicit policy

In addition, the selinux-virt ebuild needs to create two files in /etc/selinux/{strict,targeted}/contexts: virtual_domain_context and virtual_image_context.  These two files are system dependent and are thus not created when compiling the default system policy.  However, libvirt is SELinux-aware and will error out if these files are not present.

Reproducible: Always

Comment 1 Chris Richards 2010-08-02 01:18:36 UTC

Created attachment 240987 [details]
ebuild for selinux-virt policy

Comment 2 Chris Richards 2011-01-31 22:58:09 UTC

This policy is now included in the testing build for 2.20101213 policy.