commit:     c83e985052c5fac77e8895d4569aad3289f42d1e
Author:     Jagannathan Raman <jag.raman <AT> oracle <DOT> com>
AuthorDate: Fri Jul 13 17:05:36 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Sep  9 03:07:46 2018 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c83e9850

vhost: Add /dev/vhost-scsi device of type vhost_device_t.

Signed-off-by: Jagannathan Raman <jag.raman <AT> oracle.com>

 policy/modules/kernel/devices.fc | 1 +
 policy/modules/kernel/devices.if | 2 +-
 policy/modules/kernel/devices.te | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index e206720b..5ec14acf 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -120,6 +120,7 @@ ifdef(`distro_suse', `
 ')
 /dev/vfio/.+           -c      gen_context(system_u:object_r:vfio_device_t,s0)
 /dev/vhost-net         -c      gen_context(system_u:object_r:vhost_device_t,s0)
+/dev/vhost-scsi                -c      
gen_context(system_u:object_r:vhost_device_t,s0)
 /dev/vbi.*             -c      gen_context(system_u:object_r:v4l_device_t,s0)
 /dev/vbox.*            -c      
gen_context(system_u:object_r:xserver_misc_device_t,s0)
 /dev/vga_arbiter       -c      
gen_context(system_u:object_r:xserver_misc_device_t,s0)
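Review bot: Labelling `/dev/vhost-scsi` with the existing `vhost_device_t` on the added line means every domain that already has read/write access to that type for `/dev/vhost-net` also gains access to the SCSI target device, and policy can no longer allow one without the other. If the callers of the vhost read/write interface whose summary is reworded in devices.if only need networking, a separate type with its own interface (for example a constructed name such as `vhost_scsi_device_t`) would preserve least privilege. Those callers are not visible on this page, so this needs checking and is not a confirmed over-grant. If the shared type is deliberate, the comment in devices.te could say so, e.g. `# NOTE: one type for all vhost nodes; rw on vhost_device_t grants net and scsi alike`.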

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index f68d60ab..0966a468 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4839,7 +4839,7 @@ interface(`dev_relabelfrom_vfio_dev',`
 
 ############################
 ## <summary>
-##     Allow read/write the vhost net device
+##     Allow read/write the vhost devices
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 4ce5fecf..79b9c8da 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -286,7 +286,8 @@ type v4l_device_t;
 dev_node(v4l_device_t)
 
 #
-# vhost_device_t is the type for /dev/vhost-net
+# vhost_device_t is the type for vhost devices like
+# /dev/vhost-net and /dev/vhost-scsi
 #
 type vhost_device_t;
 dev_node(vhost_device_t)
