Add vsock items to SELinux policy (thanks to mm19827 of gmail.com).

2020-01-13 07:28:49 +11:00 · 2020-01-13 07:28:49 +11:00 · d012f391c4
commit d012f391c4
parent fb8dad37fc
2 changed files with 8 additions and 2 deletions
--- a/xrdp.spec
+++ b/xrdp.spec
@ -13,7 +13,7 @@ Summary:   Open source remote desktop protocol (RDP) server
 Name:      xrdp
 Epoch:     1
 Version:   0.9.12
-Release:   2%{?dist}
+Release:   3%{?dist}
 License:   ASL 2.0
 URL:       http://www.xrdp.org/
 Source0:   https://github.com/neutrinolabs/xrdp/releases/download/v%{version}/xrdp-%{version}.tar.gz
@ -269,6 +269,9 @@ fi
 %{_datadir}/selinux/*/%{name}.pp
 %changelog
 * Mon Jan 13 2020 Bojan Smojver <bojan@rexurive.com> - 1:0.9.12-3
 - Add vsock items to SELinux policy (thanks to mm19827 of gmail.com)
 * Sun Jan 12 2020 Bojan Smojver <bojan@rexurive.com> - 1:0.9.12-2
 - Enable vsock (bug #1787953)
--- a/xrdp.te
+++ b/xrdp.te
@ -1,8 +1,9 @@
-module xrdp 1.0.1;
+module xrdp 1.0.2;
 require {
        type unconfined_service_t;
        type unconfined_t;
        type unlabeled_t;
        type xserver_exec_t;
        type xserver_t;
        type oddjob_t;
@ -10,11 +11,13 @@ require {
        class process transition;
        class file entrypoint;
        class process2 nnp_transition;
        class vsock_socket { getattr read write };
 }
 #============= unconfined_service_t ==============
 allow unconfined_service_t unconfined_t:process transition;
 allow unconfined_service_t oddjob_mkhomedir_exec_t:file entrypoint;
 allow unconfined_service_t unlabeled_t:vsock_socket { getattr read write };
 #============= unconfined_t ==============
 allow unconfined_t xserver_exec_t:file entrypoint;