|
Lines 70-75
Link Here
|
| 70 |
## </desc> |
70 |
## </desc> |
| 71 |
gen_tunable(virt_use_xserver, false) |
71 |
gen_tunable(virt_use_xserver, false) |
| 72 |
|
72 |
|
|
|
73 |
## <desc> |
| 74 |
### <p> |
| 75 |
### Determine whether confined virtual guests |
| 76 |
### can be set up with and useing vfio. |
| 77 |
### </p> |
| 78 |
### </desc> |
| 79 |
gen_tunable(virt_use_vfio, false) |
| 80 |
|
| 73 |
attribute virt_ptynode; |
81 |
attribute virt_ptynode; |
| 74 |
attribute virt_domain; |
82 |
attribute virt_domain; |
| 75 |
attribute virt_image_type; |
83 |
attribute virt_image_type; |
|
Lines 344-349
Link Here
|
| 344 |
fs_manage_dos_files(virt_domain) |
352 |
fs_manage_dos_files(virt_domain) |
| 345 |
') |
353 |
') |
| 346 |
|
354 |
|
|
|
355 |
tunable_policy(`virt_use_vfio',` |
| 356 |
dev_rw_vfio_dev_min(svirt_t) |
| 357 |
dev_trans_vfio_dev(virtd_t) |
| 358 |
allow virtd_t self:process setrlimit; |
| 359 |
allow virtd_t self:capability sys_resource; |
| 360 |
allow virtd_t svirt_t:process rlimitinh; |
| 361 |
') |
| 362 |
|
| 347 |
optional_policy(` |
363 |
optional_policy(` |
| 348 |
tunable_policy(`virt_use_xserver',` |
364 |
tunable_policy(`virt_use_xserver',` |
| 349 |
xserver_read_xdm_pid(virt_domain) |
365 |
xserver_read_xdm_pid(virt_domain) |
