fedora snapper, tuned, and selinux policies

2025-10-14 12:32:57 -04:00
parent 8d98cd06fa
commit cb66fb6195
6 changed files with 199 additions and 12 deletions
--- a/active/os_fedora/selinux_policies/my-rpcvirtstorage.pp
+++ b/active/os_fedora/selinux_policies/my-rpcvirtstorage.pp
--- a/active/os_fedora/selinux_policies/my-rpcvirtstorage.te
+++ b/active/os_fedora/selinux_policies/my-rpcvirtstorage.te
@@ -0,0 +1,16 @@
+
+module my-rpcvirtstorage 1.0;
+
+require {
+	type user_home_t;
+	type virtstoraged_t;
+	type qemu_var_run_t;
+	class dir setattr;
+	class capability fowner;
+	class file setattr;
+}
+
+#============= virtstoraged_t ==============
+allow virtstoraged_t qemu_var_run_t:file setattr;
+allow virtstoraged_t self:capability fowner;
+allow virtstoraged_t user_home_t:dir setattr;