- Allow xdm to create user_tmp_t sockets for switch user to work
This commit is contained in:
Daniel J Walsh
parent
598de2dbc3
commit
4ed140a4b7
|
|
@ -3430,12 +3430,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
dbus_system_bus_client(podsleuth_t)
|
dbus_system_bus_client(podsleuth_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.4/policy/modules/apps/qemu.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.4/policy/modules/apps/qemu.fc
|
||||||
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2008-08-07 11:15:02.000000000 -0400
|
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2008-08-07 11:15:02.000000000 -0400
|
||||||
+++ serefpolicy-3.6.4/policy/modules/apps/qemu.fc 2009-02-03 22:57:29.000000000 -0500
|
+++ serefpolicy-3.6.4/policy/modules/apps/qemu.fc 2009-02-09 09:21:47.000000000 -0500
|
||||||
@@ -1,2 +1,4 @@
|
@@ -1,2 +1,6 @@
|
||||||
/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
||||||
/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
||||||
+
|
+
|
||||||
+/var/cache/libvirt(/.*)? -- gen_context(system_u:object_r:qemu_cache_t,s0)
|
+/var/cache/libvirt(/.*)? -- gen_context(system_u:object_r:qemu_cache_t,s0)
|
||||||
|
+
|
||||||
|
+/var/run/libvirt/qemu(/.*)? -- gen_context(system_u:object_r:qemu_var_run_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.4/policy/modules/apps/qemu.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.4/policy/modules/apps/qemu.if
|
||||||
--- nsaserefpolicy/policy/modules/apps/qemu.if 2009-01-19 11:03:28.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/qemu.if 2009-01-19 11:03:28.000000000 -0500
|
||||||
+++ serefpolicy-3.6.4/policy/modules/apps/qemu.if 2009-02-03 22:57:29.000000000 -0500
|
+++ serefpolicy-3.6.4/policy/modules/apps/qemu.if 2009-02-03 22:57:29.000000000 -0500
|
||||||
|
|
@ -3764,7 +3766,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.4/policy/modules/apps/qemu.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.4/policy/modules/apps/qemu.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/qemu.te 2009-01-19 11:03:28.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/qemu.te 2009-01-19 11:03:28.000000000 -0500
|
||||||
+++ serefpolicy-3.6.4/policy/modules/apps/qemu.te 2009-02-03 22:57:29.000000000 -0500
|
+++ serefpolicy-3.6.4/policy/modules/apps/qemu.te 2009-02-09 09:22:15.000000000 -0500
|
||||||
@@ -6,6 +6,8 @@
|
@@ -6,6 +6,8 @@
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
@ -3774,7 +3776,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
## <desc>
|
## <desc>
|
||||||
## <p>
|
## <p>
|
||||||
## Allow qemu to connect fully to the network
|
## Allow qemu to connect fully to the network
|
||||||
@@ -13,28 +15,154 @@
|
@@ -13,28 +15,160 @@
|
||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(qemu_full_network, false)
|
gen_tunable(qemu_full_network, false)
|
||||||
|
|
||||||
|
|
@ -3807,6 +3809,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+type qemu_cache_t;
|
+type qemu_cache_t;
|
||||||
+files_type(qemu_cache_t)
|
+files_type(qemu_cache_t)
|
||||||
+
|
+
|
||||||
|
+type qemu_var_run_t;
|
||||||
|
+files_pid_file(qemu_var_run_t)
|
||||||
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+#
|
+#
|
||||||
+# qemu common policy
|
+# qemu common policy
|
||||||
|
|
@ -3823,6 +3828,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+manage_files_pattern(qemu_t, qemu_cache_t, qemu_cache_t)
|
+manage_files_pattern(qemu_t, qemu_cache_t, qemu_cache_t)
|
||||||
+files_var_filetrans(qemu_t, qemu_cache_t, { file dir })
|
+files_var_filetrans(qemu_t, qemu_cache_t, { file dir })
|
||||||
+
|
+
|
||||||
|
+manage_files_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t)
|
||||||
|
+files_pid_filetrans(qemu_t, qemu_var_run_t, file)
|
||||||
|
+
|
||||||
+kernel_read_system_state(qemutype)
|
+kernel_read_system_state(qemutype)
|
||||||
+
|
+
|
||||||
+corenet_all_recvfrom_unlabeled(qemutype)
|
+corenet_all_recvfrom_unlabeled(qemutype)
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.6.4
|
Version: 3.6.4
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
|
@ -444,6 +444,9 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Feb 8 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-5
|
||||||
|
- Allow xdm to create user_tmp_t sockets for switch user to work
|
||||||
|
|
||||||
* Thu Feb 5 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-4
|
* Thu Feb 5 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-4
|
||||||
- Fix staff_t domain
|
- Fix staff_t domain
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue