Libvirt virtualization API
Default value: | Description: |
---|---|
false | Allow qemu-ga to read qemu-ga data. |
false | Allow qemu-ga to manage qemu-ga data. |
true | Allow sandbox containers to use all capabilities |
true | Allow sandbox containers to send audit messages |
false | Allow sandbox containers to manage fuse files |
false | Allow sandbox containers to use mknod system calls |
false | Allow sandbox containers to use netlink system calls |
false | Allow sandbox containers to use sys_admin system calls, for example mount |
false | Allow virtual processes to run as userdomains |
false | Allow confined virtual guests to use serial/parallel communication ports |
false | Allow confined virtual guests to use executable memory and executable stack |
false | Allow confined virtual guests to read fuse files |
false | Allow confined virtual guests to manage nfs files |
false | Allow confined virtual guests to use smartcards |
false | Allow confined virtual guests to interact with rawip sockets |
false | Allow confined virtual guests to manage cifs files |
false | Allow confined virtual guests to interact with the sanlock |
true | Allow confined virtual guests to use usb devices |
false | Allow confined virtual guests to interact with the xserver |
All of the rules required to administrate a virt environment
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
role | Role allowed access. |
Allow the specified domain to append virt log files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to attach to virt sandbox TUN devices
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to attach to virt TUN devices
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send and receive messages from virt over dbus.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Getattr on virt executable.
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Execute a domain transition to run virt.
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Transition to virt_bridgehelper.
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Transition to virt_qmf.
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Do not audit attempts to read virt_image_type devices.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Dontaudit inherited read virt lib files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write virt daemon unnamed pipes.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Execute virtd in the caller domain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute a qemu_exec_t in the caller's domain
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute Sandbox Files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create .virt directory in the user home directory with a correct label.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Transition to virt named content
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to manage virt image files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Getattr on virt executable.
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Allow domain to getattr virt image directories
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Getattr Sandbox File systems
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Make the specified type usable as a virt image
Parameter: | Description: |
---|---|
type | Type to be used as a virtual image |
Send a sigkill to virtd daemon.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a sigkill to virtual machines
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List Sandbox Dirs
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete svirt cache files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage virt config files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to manage virt image files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage virt home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to manage virt image files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete virt lib files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to manage virt log files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage virt pid directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage virt pid files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage Sandbox Files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to manage virt tmpfs files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Mounton Sandbox Files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write to svirt_image devices.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create objects in the pid directory with a private type with a type transition.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
file | Type to which the created node will be transitioned. |
class | Object class(es) (single or set including {}) for which this transition will occur. |
name | The name of the object being created. |
Ptrace the svirt domain
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Allow domain to read virt blk image files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read virt config files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to manage virt image files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to read virt image files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read virt lib files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow the specified domain to read virt's log files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read virt PID files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read virt PID symlink files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read Sandbox Files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to read virt tmpfs files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel Sandbox File systems
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write to svirt_image devices.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to read/write virt image chr files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write to apmd unix stream sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write to svirt_image devices.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute a file in a sandbox directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain.
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
target_domain | The type of the new process. |
Allow any svirt_file_type to be an entrypoint of this domain
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read the process state of virt sandbox containers
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to search virt image directories
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search virt lib directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a signal to virtd daemon.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a signal to sandbox domains
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a signal to virtual machines
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send null signal to virtd daemon.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Connect to virt over a unix domain stream socket.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Connect to virt over a unix domain stream socket.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Connect to svirt process over a unix domain stream socket.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
container_file_t stub interface. No access allowed.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
virtd_lxc_t stub interface. No access allowed.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
svirt_sandbox_domain attribute stub interface. No access allowed.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Summary is missing!
Parameter: | Description: |
---|---|
? | Parameter descriptions are missing! |
Execute virt server in the virt domain.
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Execute qemu in the svirt domain, and allow the specified role the svirt domain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
role | The role to be allowed the sandbox domain. |
Execute qemu in the svirt domain, and allow the specified role the svirt domain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
role | The role to be allowed the sandbox domain. |
Allow domain to write virt image files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Creates types and rules for a basic qemu process domain.
Parameter: | Description: |
---|---|
prefix | Prefix for the domain. |
Make the specified type usable as a lxc domain
Parameter: | Description: |
---|---|
type | Type to be used as a lxc domain |
Creates types and rules for a basic virt_lxc process domain.
Parameter: | Description: |
---|---|
prefix | Prefix for the domain. |
Make the specified type usable as a lxc network domain
Parameter: | Description: |
---|---|
type | Type to be used as a lxc network domain |