ca2749e1bd
In practical terms, passt doesn't benefit from the additional protection offered by the AGPL over the GPL, because it's not suitable to be executed over a computer network. Further, restricting the distribution under the version 3 of the GPL wouldn't provide any practical advantage either, as long as the passt codebase is concerned, and might cause unnecessary compatibility dilemmas. Change licensing terms to the GNU General Public License Version 2, or any later version, with written permission from all current and past contributors, namely: myself, David Gibson, Laine Stump, Andrea Bolognani, Paul Holzinger, Richard W.M. Jones, Chris Kuhn, Florian Weimer, Giuseppe Scrivano, Stefan Hajnoczi, and Vasiliy Ulyanov. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
110 lines
1.8 KiB
Text
110 lines
1.8 KiB
Text
# SPDX-License-Identifier: GPL-2.0-or-later
|
|
#
|
|
# PASST - Plug A Simple Socket Transport
|
|
# for qemu/UNIX domain socket mode
|
|
#
|
|
# contrib/selinux/passt.if - SELinux profile: Interface File for passt
|
|
#
|
|
# Copyright (c) 2022 Red Hat GmbH
|
|
# Author: Stefano Brivio <sbrivio@redhat.com>
|
|
|
|
interface(`passt_domtrans',`
|
|
gen_require(`
|
|
type passt_t, passt_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, passt_exec_t, passt_t)
|
|
')
|
|
|
|
interface(`passt_socket_dir',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow passt_t $1:dir add_entry_dir_perms;
|
|
')
|
|
|
|
interface(`passt_socket_create',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow passt_t $1:sock_file create;
|
|
')
|
|
|
|
interface(`passt_socket_use',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow $1 passt_t:unix_stream_socket connectto;
|
|
allow $1 $2:sock_file { read write };
|
|
allow passt_t $2:sock_file { read write };
|
|
')
|
|
|
|
interface(`passt_socket_delete',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow $1 $2:sock_file unlink;
|
|
')
|
|
|
|
interface(`passt_logfile_dir',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow passt_t $1:dir add_entry_dir_perms;
|
|
')
|
|
|
|
interface(`passt_logfile_use',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
logging_log_file($1);
|
|
allow passt_t $1:file { create open read write };
|
|
')
|
|
|
|
interface(`passt_pidfile_dir',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow passt_t $1:dir add_entry_dir_perms;
|
|
')
|
|
|
|
interface(`passt_pidfile_write',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
files_pid_file($1);
|
|
allow passt_t $1:file { create open write };
|
|
')
|
|
|
|
interface(`passt_pidfile_read',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow $1 $2:file { open read };
|
|
')
|
|
|
|
interface(`passt_pidfile_delete',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow $1 $2:file unlink;
|
|
')
|
|
|
|
interface(`passt_kill',`
|
|
gen_require(`
|
|
type passt_t;
|
|
')
|
|
|
|
allow $1 passt_t:process { signal sigkill };
|
|
')
|