SELinux: add NFS permissions for swtpm_t

swtpm fails with a NFS mount. `setsebool virt_use_nfs on` should fix it. Resolves: https://issues.redhat.com/browse/RHEL-73809 Signed-off-by: Marc-André Lureau <[email protected]>
stefanberger · Jan 20, 2025 · cfe93d9 · cfe93d9
1 parent 01e804f
commit cfe93d9
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/selinux/swtpm.te b/src/selinux/swtpm.te
@@ -13,6 +13,7 @@ require {
 	type virtqemud_t;
 	type virtqemud_tmp_t;
 	class file map;
+	tunable virt_use_nfs;
 }
 
 attribute_role swtpm_roles;
@@ -45,3 +46,10 @@ files_read_etc_files(swtpm_t)
 auth_use_nsswitch(swtpm_t)
 
 miscfiles_read_localization(swtpm_t)
+
+tunable_policy(`virt_use_nfs',`
+	fs_manage_nfs_dirs(swtpm_t)
+	fs_manage_nfs_files(swtpm_t)
+	fs_read_nfs_symlinks(swtpm_t)
+	fs_mmap_nfs_files(swtpm_t)
+')