selinux: Add rule to allow swtpm_t opening of virt_log_t files (BZ 22…

…78123) Link: https://bugzilla.redhat.com/show_bug.cgi?id=2278123#c40 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger · Feb 24, 2025 · 76b377f · 76b377f
1 parent 8115cf7
commit 76b377f
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/selinux/swtpm.te b/src/selinux/swtpm.te
@@ -9,6 +9,7 @@ require {
 	type qemu_var_run_t;
 	type svirt_image_t;
 	type var_log_t;
+	type virt_log_t;
 	type virt_var_lib_t;
 	type virtqemud_t;
 	type virtqemud_tmp_t;
@@ -37,7 +38,7 @@ allow swtpm_t virt_var_lib_t:file { create rename setattr unlink write map };
 allow swtpm_t virtqemud_t:unix_stream_socket { read write getattr };
 allow swtpm_t virtqemud_tmp_t:file { open write };
 allow swtpm_t svirt_image_t:file { open append };  # BZ2306817
-
+allow swtpm_t virt_log_t:file open; # BZ2278123 Comment 39
 
 domain_use_interactive_fds(swtpm_t)