On Fri, 2013-11-15 at 15:02 +0100, Gabriele Pohl wrote:
Hi,
I use Munin plugin diskwatch to monitor a KVM-Host
and am getting AVC denials at access to logical volumes
labeled with type "svirt_image_t"
snip<
Should I really change the label or will that make problems for
qemu?
Is it ok to grant access privileges to munin_disk_plugin_t ?
No, you should not change the label as setroubleshoot suggested.
@drjohnson1: Will you then please add the following rules to SELinux
policy of munin-node:
--------------------------------
module diskwatch-pol 1.0;
require {
type svirt_image_t;
type munin_disk_plugin_t;
class blk_file getattr;
}
#============= munin_disk_plugin_t ==============
allow munin_disk_plugin_t svirt_image_t:blk_file getattr;
--------------------------------
In theory you should add a rule like the above yes, but it is probably
not enough
Thanks for your advice and kind regards,
Gabriele
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux