Layer: apps

Module: qemu

Tunables Interfaces Templates

Description:

QEMU machine emulator and virtualizer


Tunables:

qemu_full_network
Default value

false

Description

Allow qemu to connect fully to the network

qemu_use_cifs
Default value

true

Description

Allow qemu to use cifs/Samba file systems

qemu_use_nfs
Default value

true

Description

Allow qemu to use nfs file systems

Return

Interfaces:

qemu_domtrans( domain )
Summary

Execute a domain transition to run qemu.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

qemu_domtrans_unconfined( domain )
Summary

Execute a domain transition to run qemu.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

qemu_kill( domain )
Summary

Send a sigill to qemu

Parameters
Parameter:Description:
domain

Domain allowed access.

qemu_read_state( domain )
Summary

Allow the domain to read state files in /proc.

Parameters
Parameter:Description:
domain

Domain to allow access.

qemu_role( role )
Summary

Execute qemu programs in the role.

Parameters
Parameter:Description:
role

The role to allow the PAM domain.

qemu_run( domain , role , terminal )
Summary

Execute qemu in the qemu domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to allow the qemu domain.

terminal

The type of the terminal allow the qemu domain to use.

qemu_runas( domain , role , terminal )
Summary

Execute qemu programs in the qemu domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to allow the PAM domain.

terminal

The type of the terminal allow the PAM domain to use.

qemu_runas_unconfined( domain , role , terminal )
Summary

Execute qemu programs in the qemu unconfined domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to allow the PAM domain.

terminal

The type of the terminal allow the PAM domain to use.

qemu_setsched( domain )
Summary

Set the schedule on qemu.

Parameters
Parameter:Description:
domain

Domain allowed access.

qemu_signal( domain )
Summary

Send a signal to qemu.

Parameters
Parameter:Description:
domain

Domain allowed access.

qemu_spec_domtrans( domain , target_domain )
Summary

Execute qemu_exec_t in the specified domain but do not do it automatically. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute qemu_exec_t in the specified domain. This allows the specified domain to qemu programs on these filesystems in the specified domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

target_domain

The type of the new process.

qemu_unconfined_role( role )
Summary

Execute qemu unconfined programs in the role.

Parameters
Parameter:Description:
role

The role to allow the PAM domain.

Return

Templates:

qemu_domain_template( prefix )
Summary

Creates types and rules for a basic qemu process domain.

Parameters
Parameter:Description:
prefix

Prefix for the domain.

qemu_per_role_template( userdomain_prefix , user_domain , user_role )
Summary

The per role template for the qemu module.

Description

This template creates a derived domains which are used for qemu web browser.

This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.

Parameters
Parameter:Description:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

user_domain

The type of the user domain.

user_role

The role associated with the user domain.

qemu_per_role_template_notrans( userdomain_prefix , user_domain , user_role )
Summary

The per role template for the qemu module.

Description

This template creates a derived domains which are used for qemu web browser.

This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.

Parameters
Parameter:Description:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

user_domain

The type of the user domain.

user_role

The role associated with the user domain.

Return