Layer: services

Module: virt

Tunables Interfaces Templates

Description:

Libvirt virtualization API

Tunables:

virt_use_comm

Default value

false

Description

Allow virt to use serial/parallell communication ports

virt_use_execmem

Default value

false

Description

Allow confined virtual guests to use executable memory and executable stack

virt_use_fusefs

Default value

false

Description

Allow virt to read fuse files

virt_use_nfs

Default value

false

Description

Allow virt to manage nfs files

virt_use_samba

Default value

false

Description

Allow virt to manage cifs files

virt_use_sanlock

Default value

false

Description

Allow confined virtual guests to interact with the sanlock

virt_use_sysfs

Default value

false

Description

Allow virt to manage device configuration, (pci)

virt_use_usb

Default value

true

Description

Allow virt to use usb devices

virt_use_xserver

Default value

false

Description

Allow virtual machine to interact with the xserver

Return

Interfaces:

virt_admin(
	
		domain
		
			,
		
		role
		
	)

Summary

All of the rules required to administrate an virt environment

Parameters

Parameter:	Description:
domain	Domain allowed access.
role	Role allowed access.

virt_append_log(
	
		domain
		
	)

Summary

Allow the specified domain to append virt log files.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_attach_tun_iface(
	
		domain
		
	)

Summary

Allow domain to attach to virt TUN devices

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_domtrans(
	
		domain
		
	)

Summary

Execute a domain transition to run virt.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_domtrans_bridgehelper(
	
		domain
		
	)

Summary

Transition to virt_bridgehelper.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_dontaudit_read_lib_files(
	
		domain
		
	)

Summary

Dontaudit inherited read virt lib files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_dontaudit_write_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to write virt daemon unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_dontaudit_write_tmp_files(
	
		domain
		
	)

Summary

dontaudit domain to write virt tmp files

Parameters

Parameter:	Description:
domain	Domain allowed access

virt_exec_sandbox_files(
	
		domain
		
	)

Summary

Execute Sandbox Files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_getattr_exec(
	
		domain
		
	)

Summary

Getattr on virt executable.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

virt_getattr_images(
	
		domain
		
	)

Summary

Allow domain to read virt image files

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_image(
	
		type
		
	)

Summary

Make the specified type usable as a virt image

Parameters

Parameter:	Description:
type	Type to be used as a virtual image

virt_kill(
	
		domain
		
	)

Summary

Send a sigkill to virtd daemon

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_kill_svirt(
	
		domain
		
	)

Summary

Send a sigkill to virtual machines

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_cache(
	
		domain
		
	)

Summary

Create, read, write, and delete svirt cache files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_config(
	
		domain
		
	)

Summary

manage virt config files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_images(
	
		domain
		
	)

Summary

Allow domain to manage virt image files

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_manage_lib_files(
	
		domain
		
	)

Summary

Create, read, write, and delete virt lib files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_log(
	
		domain
		
	)

Summary

Allow domain to manage virt log files

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_manage_pid_files(
	
		domain
		
	)

Summary

Manage virt pid files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_manage_sandbox_files(
	
		domain
		
	)

Summary

Manage Sandbox Files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_mounton_sandbox_file(
	
		domain
		
	)

Summary

Mounton Sandbox Files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_blk_images(
	
		domain
		
	)

Summary

Allow domain to read virt blk image files

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_config(
	
		domain
		
	)

Summary

Read virt config files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_content(
	
		domain
		
	)

Summary

Allow domain to manage virt image files

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_read_images(
	
		domain
		
	)

Summary

Allow domain to read virt image files

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_read_lib_files(
	
		domain
		
	)

Summary

Read virt lib files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_log(
	
		domain
		
	)

Summary

Allow the specified domain to read virt's log files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_pid_files(
	
		domain
		
	)

Summary

Read virt PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_pid_symlinks(
	
		domain
		
	)

Summary

Read virt PID lnk files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_read_tmp_files(
	
		domain
		
	)

Summary

allow domain to read virt tmpf files

Parameters

Parameter:	Description:
domain	Domain allowed access

virt_relabel_sandbox_filesystem(
	
		domain
		
	)

Summary

Relabel Sandbox File systems

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_run(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute a domain transition to run virt.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
role	Role allowed to access.

virt_search_content(
	
		domain
		
	)

Summary

Allow domain to search virt image files

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_search_images(
	
		domain
		
	)

Summary

Allow domain to search virt image direcories

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_search_lib(
	
		domain
		
	)

Summary

Search virt lib directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_signal_svirt(
	
		domain
		
	)

Summary

Send a signal to virtual machines

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stream_connect(
	
		domain
		
	)

Summary

Connect to virt over an unix domain stream socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_stream_connect_sandbox(
	
		domain
		
	)

Summary

Connect to virt over a unix domain stream socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

virt_transition_svirt(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute qemu in the svirt domain, and allow the specified role the svirt domain.

Parameters

Parameter:	Description:
domain	Domain allowed access
role	The role to be allowed the svirt domain.

virt_write_content(
	
		domain
		
	)

Summary

Allow domain to write virt image files

Parameters

Parameter:	Description:
domain	Domain to not audit.

virt_write_tmp_sock(
	
		domain
		
	)

Summary

Allow domain to write virt tmp sock files

Parameters

Parameter:	Description:
domain	Domain allowed access

Return

Templates:

virt_domain_template(
	
		prefix
		
	)

Summary

Creates types and rules for a basic qemu process domain.

Parameters

Parameter:	Description:
prefix	Prefix for the domain.

Return