Allow qm_t to be entered from all executables

Signed-off-by: Daniel J Walsh <[email protected]>
sandrobonazzola · May 11, 2023 · 1b7f437 · 1b7f437
1 parent 1f7d506
commit 1b7f437
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/qm.if b/qm.if
@@ -173,6 +173,8 @@ template(`qm_domain_template',`
 	allow $1_t sysctl_irq_t:dir { getattr mounton };
 	allow $1_t sysctl_t:file { getattr mounton };
 
+	corecmd_entrypoint_all_executables($1_t)
+
 	corenet_icmp_bind_generic_node($1_t)
 	corenet_raw_bind_generic_node($1_t)
 	corenet_rw_tun_tap_dev($1_t)

diff --git a/qm.te b/qm.te
@@ -1,3 +1,3 @@
-policy_module(qm, 0.1.0)
+policy_module(qm, 0.1.1)
 
 qm_domain_template(qm)