- Allow svirt_t to stream_connect to virtd_t
This commit is contained in:
parent
af4fa8266c
commit
947b439e10
@ -16487,7 +16487,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.26/policy/modules/services/virt.te
|
||||
--- nsaserefpolicy/policy/modules/services/virt.te 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/virt.te 2009-07-30 15:33:09.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/virt.te 2009-07-31 15:02:22.000000000 -0400
|
||||
@@ -20,6 +20,28 @@
|
||||
## </desc>
|
||||
gen_tunable(virt_use_samba, false)
|
||||
@ -16705,7 +16705,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -195,8 +290,152 @@
|
||||
@@ -195,8 +290,154 @@
|
||||
|
||||
xen_stream_connect(virtd_t)
|
||||
xen_stream_connect_xenstore(virtd_t)
|
||||
@ -16737,6 +16737,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+manage_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t)
|
||||
+manage_lnk_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t)
|
||||
+files_pid_filetrans(svirt_t, svirt_var_run_t, { dir file })
|
||||
+stream_connect_pattern($1, svirt_var_run_t, svirt_var_run_t, virtd_t)
|
||||
+
|
||||
+read_lnk_files_pattern(svirt_t, virt_image_t, virt_image_t)
|
||||
+
|
||||
@ -16857,6 +16858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ virt_read_config(virt_domain)
|
||||
+ virt_read_lib_files(virt_domain)
|
||||
+ virt_read_content(virt_domain)
|
||||
+ virt_stream_connect(virt_domain)
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.26/policy/modules/services/w3c.te
|
||||
--- nsaserefpolicy/policy/modules/services/w3c.te 2009-07-14 14:19:57.000000000 -0400
|
||||
|
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.26
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -475,6 +475,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-3
|
||||
- Allow svirt_t to stream_connect to virtd_t
|
||||
|
||||
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-2
|
||||
- Allod hald_dccm_t to create sock_files in /tmp
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user