## <summary>VMWare Workstation virtual machines</summary>

########################################
## <summary>
##	Role access for vmware
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`vmware_role',`
	gen_require(`
		type vmware_t, vmware_exec_t;
	')

	# Authorize the role (first argument) to be associated with the
	# vmware_t type. Without this statement a process running under
	# that role could not hold the vmware_t type.
	role $1 types vmware_t;

	# Transition from the user domain to the derived domain.
	# The transition is keyed on executing a file labeled vmware_exec_t.
	domtrans_pattern($2, vmware_exec_t, vmware_t)

	# allow ps to show vmware and allow the user to kill it
	# Only the generic signal permission is granted by the allow rule
	# below. sigkill and sigstop are separate permissions of the process
	# class and are not part of this rule.
	ps_process_pattern($2, vmware_t)
	allow $2 vmware_t:process signal;
')

########################################
## <summary>
##	Execute vmware host executables
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vmware_exec_host',`
	gen_require(`
		type vmware_host_exec_t;
	')

	# No domain transition is declared in this interface, so the host
	# executables are expected to run in the calling domain and stay
	# under its confinement.
	# NOTE(review): can_exec is taken to be the no-transition execute
	# macro of the reference policy support macros. Confirm against
	# the macro set this module is built with.
	can_exec($1, vmware_host_exec_t)
')

########################################
## <summary>
##	Read VMWare system configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vmware_read_system_config',`
	gen_require(`
		type vmware_sys_conf_t;
	')

	# Grants getattr and read only. Nothing here permits modifying the
	# configuration files, and the set does not include open.
	# NOTE(review): on policies where the file class has a separate
	# open permission, confirm whether callers receive it elsewhere or
	# whether read_file_perms was intended.
	allow $1 vmware_sys_conf_t:file { getattr read };
')

########################################
## <summary>
##	Append to VMWare system configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vmware_append_system_config',`
	gen_require(`
		type vmware_sys_conf_t;
	')

	# Append is the only permission granted. This rule gives no read,
	# write or open access, so it does not let a caller overwrite
	# existing configuration content.
	# NOTE(review): if open and getattr are also wanted, the usual
	# permission set is append_file_perms. Confirm the intent before
	# widening.
	allow $1 vmware_sys_conf_t:file append;
')

########################################
## <summary>
##	Append to VMWare log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vmware_append_log',`
	gen_require(`
		type vmware_log_t;
	')

	# Two steps: reach the log directories, then append to vmware_log_t
	# files located in vmware_log_t directories.
	# NOTE(review): both macros are defined outside this file. Going by
	# their names they grant directory search and append-only file
	# access, which would leave existing log entries protected from
	# truncation or overwrite by callers. Confirm against the macro
	# definitions.
	logging_search_logs($1)
	append_files_pattern($1, vmware_log_t, vmware_log_t)
')