Layer: contrib

Module: virt

Tunables Interfaces Templates

Description:

Libvirt virtualization API

Tunables:

virt_read_qemu_ga_data

Default value

false

Description

Allow qemu-ga to read qemu-ga date.

virt_rw_qemu_ga_data

Default value

false

Description

Allow qemu-ga to manage qemu-ga date.

virt_sandbox_use_all_caps

Default value

true

Description

Allow sandbox containers to use all capabilities

virt_sandbox_use_audit

Default value

true

Description

Allow sandbox containers to send audit messages

virt_sandbox_use_fusefs

Default value

false

Description

Allow sandbox containers manage fuse files

virt_sandbox_use_mknod

Default value

false

Description

Allow sandbox containers to use mknod system calls

virt_sandbox_use_netlink

Default value

false

Description

Allow sandbox containers to use netlink system calls

virt_sandbox_use_sys_admin

Default value

false

Description

Allow sandbox containers to use sys_admin system calls, for example mount

virt_transition_userdomain

Default value

false

Description

Allow virtual processes to run as userdomains

virt_use_comm

Default value

false

Description

Allow confined virtual guests to use serial/parallel communication ports

virt_use_execmem

Default value

false

Description

Allow confined virtual guests to use executable memory and executable stack

virt_use_fusefs

Default value

false

Description

Allow confined virtual guests to read fuse files

virt_use_nfs

Default value

false

Description

Allow confined virtual guests to manage nfs files

virt_use_pcscd

Default value

false

Description

Allow confined virtual guests to use smartcards

virt_use_rawip

Default value

false

Description

Allow confined virtual guests to interact with rawip sockets

virt_use_samba

Default value

false

Description

Allow confined virtual guests to manage cifs files

virt_use_sanlock

Default value

false

Description

Allow confined virtual guests to interact with the sanlock

virt_use_usb

Default value

true

Description

Allow confined virtual guests to use usb devices

virt_use_xserver

Default value

false

Description

Allow confined virtual guests to interact with the xserver

Return

Interfaces:

virt_admin(
	
		domain
		
			,
		
		role
		
	)

Summary

All of the rules required to administrate an virt environment

Parameters

Parameter:	Description:
domain	Domain allowed access.
role	Role allowed access.

virt_append_log(
	
		domain
		
	)

Summary

Allow the specified domain to append virt log files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_attach_sandbox_tun_iface(
	
		domain
		
	)

Summary

Allow domain to attach to virt sandbox TUN devices

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_attach_tun_iface(
	
		domain
		
	)

Summary

Allow domain to attach to virt TUN devices

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_dbus_chat(
	
		domain
		
	)

Summary

Send and receive messages from virt over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_default_capabilities(
	
		domain
		
	)

Summary

Getattr on virt executable.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_domtrans(
	
		domain
		
	)

Summary

Execute a domain transition to run virt.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_domtrans_bridgehelper(
	
		domain
		
	)

Summary

Transition to virt_bridgehelper.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_domtrans_qmf(
	
		domain
		
	)

Summary

Transition to virt_qmf.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_dontaudit_read_chr_dev(
	
		domain
		
	)

Summary

Dontaudit attempts to Read virt_image_type devices.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_dontaudit_read_lib_files(
	
		domain
		
	)

Summary

Dontaudit inherited read virt lib files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_dontaudit_write_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to write virt daemon unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_exec(
	
		domain
		
	)

Summary

Execute virtd in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_exec_qemu(
	
		domain
		
	)

Summary

Execute a qemu_exec_t in the callers domain

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_exec_sandbox_files(
	
		domain
		
	)

Summary

Execute Sandbox Files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_filetrans_home_content(
	
		domain
		
	)

Summary

Create .virt directory in the user home directory with an correct label.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_filetrans_named_content(
	
		domain
		
	)

Summary

Transition to virt named content

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_getattr_content(
	
		domain
		
	)

Summary

Allow domain to manage virt image files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_getattr_exec(
	
		domain
		
	)

Summary

Getattr on virt executable.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_getattr_images(
	
		domain
		
	)

Summary

Allow domain to getattr virt image direcories

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_getattr_sandbox_filesystem(
	
		domain
		
	)

Summary

Getattr Sandbox File systems

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_image(
	
		type
		
	)

Summary

Make the specified type usable as a virt image

Parameters

Parameter:	Description:
type	Type to be used as a virtual image

virt_kill(
	
		domain
		
	)

Summary

Send a sigkill to virtd daemon.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_kill_svirt(
	
		domain
		
	)

Summary

Send a sigkill to virtual machines

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_list_sandbox_dirs(
	
		domain
		
	)

Summary

List Sandbox Dirs

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_cache(
	
		domain
		
	)

Summary

Create, read, write, and delete svirt cache files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_config(
	
		domain
		
	)

Summary

manage virt config files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_default_image_type(
	
		domain
		
	)

Summary

Allow domain to manage virt image files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_home_files(
	
		domain
		
	)

Summary

Manage virt home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_images(
	
		domain
		
	)

Summary

Allow domain to manage virt image files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_lib_files(
	
		domain
		
	)

Summary

Create, read, write, and delete virt lib files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_log(
	
		domain
		
	)

Summary

Allow domain to manage virt log files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_pid_dirs(
	
		domain
		
	)

Summary

Manage virt pid directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_pid_files(
	
		domain
		
	)

Summary

Manage virt pid files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_sandbox_files(
	
		domain
		
	)

Summary

Manage Sandbox Files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_tmpfs_files(
	
		domain
		
	)

Summary

allow domain to manage virt tmpfs files

Parameters

Parameter:	Description:
domain	Domain allowed access

virt_mounton_sandbox_file(
	
		domain
		
	)

Summary

Mounton Sandbox Files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_noatsecure(
	
		domain
		
	)

Summary

Read and write to svirt_image devices.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_pid_filetrans(
	
		domain
		
			,
		
		file
		
			,
		
		class
		
			,
		
		name
		
	)

Summary

Create objects in the pid directory with a private type with a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
file	Type to which the created node will be transitioned.
class	Object class(es) (single or set including {}) for which this the transition will occur.
name	The name of the object being created.

virt_ptrace(
	
		domain
		
	)

Summary

Ptrace the svirt domain

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_read_blk_images(
	
		domain
		
	)

Summary

Allow domain to read virt blk image files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_config(
	
		domain
		
	)

Summary

Read virt config files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_content(
	
		domain
		
	)

Summary

Allow domain to manage virt image files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_images(
	
		domain
		
	)

Summary

Allow domain to read virt image files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_lib_files(
	
		domain
		
	)

Summary

Read virt lib files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_log(
	
		domain
		
	)

Summary

Allow the specified domain to read virt's log files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_pid_files(
	
		domain
		
	)

Summary

Read virt PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_pid_symlinks(
	
		domain
		
	)

Summary

Read virt PID symlinks files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_sandbox_files(
	
		domain
		
	)

Summary

Read Sandbox Files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_tmpfs_files(
	
		domain
		
	)

Summary

allow domain to read virt tmpfs files

Parameters

Parameter:	Description:
domain	Domain allowed access

virt_relabel_sandbox_filesystem(
	
		domain
		
	)

Summary

Relabel Sandbox File systems

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_rlimitinh(
	
		domain
		
	)

Summary

Read and write to svirt_image devices.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_rw_chr_files(
	
		domain
		
	)

Summary

Allow domain to read/write virt image chr files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_rw_stream_sockets_svirt(
	
		domain
		
	)

Summary

Read and write to apmd unix stream sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_rw_svirt_dev(
	
		domain
		
	)

Summary

Read and write to svirt_image devices.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_sandbox_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file in a sandbox directory in the specified domain.

Description

Execute a file in a sandbox directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
target_domain	The type of the new process.

virt_sandbox_entrypoint(
	
		domain
		
	)

Summary

Allow any svirt_file_type to be an entrypoint of this domain

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_sandbox_read_state(
	
		domain
		
	)

Summary

Read the process state of virt sandbox containers

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_search_images(
	
		domain
		
	)

Summary

Allow domain to search virt image direcories

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_search_lib(
	
		domain
		
	)

Summary

Search virt lib directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_signal(
	
		domain
		
	)

Summary

Send a signal to virtd daemon.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_signal_sandbox(
	
		domain
		
	)

Summary

Send a signal to sandbox domains

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_signal_svirt(
	
		domain
		
	)

Summary

Send a signal to virtual machines

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_signull(
	
		domain
		
	)

Summary

Send null signal to virtd daemon.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stream_connect(
	
		domain
		
	)

Summary

Connect to virt over a unix domain stream socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stream_connect_sandbox(
	
		domain
		
	)

Summary

Connect to virt over a unix domain stream socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stream_connect_svirt(
	
		domain
		
	)

Summary

Connect to svirt process over a unix domain stream socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stub_container_image(
	
		domain
		
	)

Summary

container_file_t stub interface. No access allowed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stub_lxc(
	
		domain
		
	)

Summary

virtd_lxc_t stub interface. No access allowed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stub_svirt_sandbox_domain(
	
		domain
		
	)

Summary

svirt_sandbox_domain attribute stub interface. No access allowed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stub_svirt_sandbox_file(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:
?	Parameter descriptions are missing!

virt_systemctl(
	
		domain
		
	)

Summary

Execute virt server in the virt domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_transition_svirt(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute qemu in the svirt domain, and allow the specified role the svirt domain.

Parameters

Parameter:	Description:
domain	Domain allowed access
role	The role to be allowed the sandbox domain.

virt_transition_svirt_sandbox(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute qemu in the svirt domain, and allow the specified role the svirt domain.

Parameters

Parameter:	Description:
domain	Domain allowed access
role	The role to be allowed the sandbox domain.

virt_write_content(
	
		domain
		
	)

Summary

Allow domain to write virt image files

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return

Templates:

virt_domain_template(
	
		prefix
		
	)

Summary

Creates types and rules for a basic qemu process domain.

Parameters

Parameter:	Description:
prefix	Prefix for the domain.

virt_sandbox_domain(
	
		type
		
	)

Summary

Make the specified type usable as a lxc domain

Parameters

Parameter:	Description:
type	Type to be used as a lxc domain

virt_sandbox_domain_template(
	
		prefix
		
	)

Summary

Creates types and rules for a basic virt_lxc process domain.

Parameters

Parameter:	Description:
prefix	Prefix for the domain.

virt_sandbox_net_domain(
	
		type
		
	)

Summary

Make the specified type usable as a lxc network domain

Parameters

Parameter:	Description:
type	Type to be used as a lxc network domain

Return