## Allow qemu to connect fully to the network -@@ -13,16 +15,98 @@ +@@ -13,16 +15,105 @@ ##
++## Allow qemu to use usb devices
++##
++##
+## Allow qemu to use nfs file systems
@@ -3551,16 +3558,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`qemu_full_network',`
allow qemu_t self:udp_socket create_socket_perms;
-@@ -35,6 +119,30 @@
+@@ -35,6 +126,38 @@
corenet_tcp_connect_all_ports(qemu_t)
')
+tunable_policy(`qemu_use_nfs',`
++ fs_manage_nfs_dirs(qemu_t)
+ fs_manage_nfs_files(qemu_t)
+')
+
+tunable_policy(`qemu_use_cifs',`
+ fs_manage_cifs_dirs(qemu_t)
++ fs_manage_cifs_files(qemu_t)
++')
++
++tunable_policy(`qemu_use_usb',`
++ dev_rw_usbfs(qemu_t)
++ fs_manage_dos_dirs(qemu_t)
++ fs_manage_dos_files(qemu_t)
+')
+
+optional_policy(`
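Review bot: The new `qemu_use_usb` block bundles `dev_rw_usbfs(qemu_t)` with `fs_manage_dos_dirs(qemu_t)` and `fs_manage_dos_files(qemu_t)`, so enabling the boolean for USB passthrough also lets the confined emulator create, modify and delete content on DOS/VFAT-labelled file systems, which need not be removable media. The boolean description added earlier in this patch says only "Allow qemu to use usb devices", so an administrator cannot see the file-system grant from the boolean listing. Either move the two `fs_manage_dos_*` lines into their own tunable or spell the access out in the description, e.g. `## Allow qemu to use usb devices and manage files on dos file systems`. The `gen_tunable` declaration is not visible in this hunk; its default should be confirmed as `false`. The `optional_policy` block opened on the last line continues outside the hunk.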
@@ -20626,7 +20641,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.1/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/ssh.te 2008-12-18 10:03:59.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/ssh.te 2008-12-27 07:07:28.000000000 -0500
@@ -75,7 +75,7 @@
ubac_constrained(ssh_tmpfs_t)
@@ -20678,7 +20693,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -318,6 +323,10 @@
+@@ -310,6 +315,8 @@
+ kernel_search_key(sshd_t)
+ kernel_link_key(sshd_t)
+
++fs_list_inotifyfs(sshd_t)
++
+ term_use_all_user_ptys(sshd_t)
+ term_setattr_all_user_ptys(sshd_t)
+ term_relabelto_all_user_ptys(sshd_t)
+@@ -318,6 +325,10 @@
corenet_tcp_bind_xserver_port(sshd_t)
corenet_sendrecv_xserver_server_packets(sshd_t)
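Review bot: `fs_list_inotifyfs(sshd_t)` is added to the unconditional part of ssh.te with no comment, so the reason a network-facing daemon domain needs to list inotifyfs is not recorded anywhere in the policy. Add a why-comment above the line with the actual trigger filled in, along the lines of `# <component that opens inotify during login>, see <bug reference>`. If the rule was added only to silence an AVC denial and logins work without it, a dontaudit rule would be the tighter choice than an allow. The surrounding sshd_t rule block starts and ends outside this hunk.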
@@ -20689,7 +20713,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`ssh_sysadm_login',`
# Relabel and access ptys created by sshd
# ioctl is necessary for logout() processing for utmp entry and for w to
-@@ -331,6 +340,14 @@
+@@ -331,6 +342,14 @@
')
optional_policy(`
@@ -20704,7 +20728,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
daemontools_service_domain(sshd_t, sshd_exec_t)
')
-@@ -349,7 +366,11 @@
+@@ -349,7 +368,11 @@
')
optional_policy(`
@@ -20717,7 +20741,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
unconfined_shell_domtrans(sshd_t)
')
-@@ -408,6 +429,8 @@
+@@ -408,6 +431,8 @@
init_use_fds(ssh_keygen_t)
init_use_script_ptys(ssh_keygen_t)
@@ -26411,7 +26435,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-11-13 18:40:02.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/system/userdomain.if 2008-12-18 10:02:36.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/system/userdomain.if 2008-12-27 06:28:18.000000000 -0500
@@ -30,8 +30,9 @@
')
@@ -27739,7 +27763,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Do not audit attempts to use user ttys.
##
##
-@@ -2965,6 +3150,24 @@
+@@ -2851,6 +3036,7 @@
+ ')
+
+ read_files_pattern($1,userdomain,userdomain)
++ read_lnk_files_pattern($1,userdomain,userdomain)
+ kernel_search_proc($1)
+ ')
+
+@@ -2965,6 +3151,24 @@
########################################
##