Diffstat (limited to 'policy/modules/services/virt.te')
-rw-r--r-- | policy/modules/services/virt.te | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index 1e7923ed7..be91303c1 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -78,6 +78,14 @@ gen_tunable(virt_use_xserver, false)
 ## </desc>
 gen_tunable(virt_use_vfio, false)
 
+## <desc>
+## <p>
+## Determine whether confined virtual guests
+## can use input devices via evdev pass through.
+## </p>
+## </desc>
+gen_tunable(virt_use_evdev, false)
+
 attribute virt_ptynode;
 attribute virt_domain;
 attribute virt_image_type;
@@ -452,6 +460,12 @@ tunable_policy(`virt_use_vfio',`
 dev_rw_vfio_dev(svirt_t)
 ')
 
+tunable_policy(`virt_use_evdev',`
+ # qemu uses IOCTLs 0x01, 0x06, 0x90, and potentially others
+ # see qemu:include/standard-headers/linux/input.h
+ dev_ioctl_input_dev(svirt_t)
+')
+
 ########################################
 #
 # virtd local policy
|
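Review bot: In the second hunk, `dev_ioctl_input_dev(svirt_t)` grants the ioctl permission as a whole, while the comment above it names only commands 0x01, 0x06 and 0x90 "and potentially others"; nothing visible here limits which ioctl commands a guest domain may issue on an input device once `virt_use_evdev` is on. Because 0x90 appears to be the exclusive-grab request in the referenced header (to be confirmed) and the rule is written for the shared `svirt_t` type rather than for one guest, the boolean acts as a host-wide switch, which neither this comment nor the tunable description in the first hunk says. If the target policy build supports extended ioctl permissions, an allowlist of the commands qemu actually needs would be the narrower grant; otherwise I would at least state the scope, e.g. `# ioctl is not filtered by command: svirt_t gets every ioctl on input devices` and, in the description, `## This applies to all confined guests on the host.` The rule grants ioctl only, so open/read/write on the device presumably come from labeling done elsewhere, which is worth confirming before relying on the tunable alone.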