Libvirt virtualization API
false
Allow confined virtual guests to use serial/parallel communication ports
false
Allow confined virtual guests to read fuse files
false
Allow confined virtual guests to manage nfs files
false
Allow confined virtual guests to manage cifs files
false
Allow confined virtual guests to manage device configuration, (pci)
true
Allow confined virtual guests to use usb devices
false
Allow confined virtual guests to interact with the xserver
All of the rules required to administrate an virt environment
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
role |
Role allowed access. |
Allow the specified domain to append virt log files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to attach to virt TUN devices
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute a domain transition to run virt.
Parameter: | Description: |
---|---|
domain |
Domain allowed to transition. |
Dontaudit inherited read virt lib files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to write virt daemon unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Make the specified type usable as a virt image
Parameter: | Description: |
---|---|
type |
Type to be used as a virtual image |
Send a sigkill to virtual machines
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create, read, write, and delete svirt cache files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
manage virt config files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Manage virt home files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to manage virt image files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create, read, write, and delete virt lib files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to manage virt log files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Manage virt pid files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
allow domain to manage virt tmpfs files
Parameter: | Description: |
---|---|
domain |
Domain allowed access |
Create objects in the pid directory with a private type with a type transition.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
file |
Type to which the created node will be transitioned. |
class |
Object class(es) (single or set including {}) for which this the transition will occur. |
Allow domain to read virt blk image files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read virt config files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to manage virt image files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to read virt image files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read virt lib files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to read virt's log files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read virt PID files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
allow domain to read virt tmpfs files
Parameter: | Description: |
---|---|
domain |
Domain allowed access |
Search virt lib directories.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send a signal to virtual machines
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Connect to virt over an unix domain stream socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute qemu in the svirt domain, and allow the specified role the svirt domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access |
role |
The role to be allowed the sandbox domain. |
Allow domain to write virt image files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Creates types and rules for a basic qemu process domain.
Parameter: | Description: |
---|---|
prefix |
Prefix for the domain. |