Re: Rules for SELinux in a vmware session

From: paul krumviede <pwk_at_acm.org>
Date: Fri, 25 Jan 2002 10:44:45 -0800

--On Friday, January 25, 2002 12:16:59 PM -0600 "Westerman, Mark" <Mark.Westerman@csoconline.com> wrote:

>
>
> I created the following rule for running selinux in a vmware session.
>
> I currently have a prototype vmware domain for the host OS.

i created something a bit more complex. i also attempted to make the policy file relatively self-contained (for example, the attached file adds the vmware_guestd_t type to the system_r role, rather than having to add it in the rbac file; this may be a matter of taste). the file is also extensively (excessively?) annotated.

it isn't yet with the newest release (the 2.4.17 kernel one) or on a redhat 7.2 system; it was done with some of the earlier releases, up to and including the 2.4.16 kernel one, with VMware 2.04 and 3.0.

> File: setfiles/file_contexts
> # Added for vmware session
> /etc/modules.conf(|.*) system_u:object_r:modules_conf_t

i also added

/etc/vmware-tools/vmware-guestd system_u:object_r:vmware_guestd_exec_t

to setfiles/file_contexts.

-paul


  • application/octet-stream attachment: vmware.te
Received on Fri 25 Jan 2002 - 13:59:49 EST
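
The setfiles/file_contexts entries quoted in this thread each map a path regular expression to a security context. The following Python example is added here and is not from the original post or the SELinux distribution; it resolves paths against those two entries. It assumes whole-path anchored matching with the last matching entry winning, uses a constructed /etc(/.*)? catch-all entry, and lets Python's re module stand in for the POSIX regex engine.

```python
import re

# Constructed sample: the two entries quoted in the thread, preceded by an
# assumed catch-all for /etc so the override behaviour is visible.
SAMPLE = """\
/etc(/.*)?                        system_u:object_r:etc_t
# Added for vmware session
/etc/modules.conf(|.*)            system_u:object_r:modules_conf_t
/etc/vmware-tools/vmware-guestd   system_u:object_r:vmware_guestd_exec_t
"""

def parse_file_contexts(text):
    """Return [(compiled_regex, file_type_or_None, context)] in file order."""
    specs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) == 2:
            pattern, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3 and fields[1].startswith("-"):
            pattern, ftype, context = fields  # optional -type field, e.g. -d
        else:
            raise ValueError(f"line {lineno}: expected 'regexp [-type] context'")
        # Assumption: contexts are user:role:type with no further fields.
        if context != "<<none>>" and len(context.split(":")) != 3:
            raise ValueError(f"line {lineno}: bad context {context!r}")
        specs.append((re.compile(pattern), ftype, context))
    return specs

def lookup(specs, path):
    """Context of the last spec whose regex matches the whole path, else None.
    The file-type field is parsed but not used for matching here."""
    result = None
    for regex, _ftype, context in specs:
        if regex.fullmatch(path):
            result = context
    return result

if __name__ == "__main__":
    specs = parse_file_contexts(SAMPLE)
    # The unescaped '.' in modules.conf matches any character, so the
    # constructed path /etc/modulesXconf is labelled modules_conf_t as well.
    for p in ("/etc/passwd", "/etc/modules.conf", "/etc/modules.conf~",
              "/etc/modulesXconf", "/etc/vmware-tools/vmware-guestd",
              "/etc/vmware-tools/vmware-guestd.old"):
        print(f"{p:40} {lookup(specs, p)}")
```
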
