Skip to content

Commit

Permalink
Allow virtqemud domain transition on numad execution
Browse files Browse the repository at this point in the history
The commit addresses the following AVC denial:
type=AVC msg=audit(1730798043.779:27002): avc:  denied  { execute } for  pid=1041433 comm="rpc-virtqemud" name="numad" dev="vda4" ino=1646 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:numad_exec_t:s0 tclass=file permissive=1

Resolves: RHEL-65789
  • Loading branch information
zpytela committed Jan 3, 2025
1 parent ad4a541 commit 6d2ceaa
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions policy/modules/contrib/virt.te
Original file line number Diff line number Diff line change
Expand Up @@ -2274,6 +2274,10 @@ optional_policy(`
dnsmasq_filetrans_named_content_fromdir(virtqemud_t, virtqemud_var_run_t)
')

optional_policy(`
numad_domtrans(virtqemud_t)
')

optional_policy(`
qemu_exec(virtqemud_t)
')
Expand Down

0 comments on commit 6d2ceaa

Please sign in to comment.