From 947b439e106013a292a3a632f366a12a985781e6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 31 Jul 2009 19:05:34 +0000 Subject: [PATCH] - Allow svirt_t to stream_connect to virtd_t --- policy-F12.patch | 6 ++++-- selinux-policy.spec | 5 ++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/policy-F12.patch b/policy-F12.patch index 89c469a6..4e4ef1f1 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -16487,7 +16487,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.26/policy/modules/services/virt.te --- nsaserefpolicy/policy/modules/services/virt.te 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.26/policy/modules/services/virt.te 2009-07-30 15:33:09.000000000 -0400 ++++ serefpolicy-3.6.26/policy/modules/services/virt.te 2009-07-31 15:02:22.000000000 -0400 @@ -20,6 +20,28 @@ ## gen_tunable(virt_use_samba, false) @@ -16705,7 +16705,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -195,8 +290,152 @@ +@@ -195,8 +290,154 @@ xen_stream_connect(virtd_t) xen_stream_connect_xenstore(virtd_t) @@ -16737,6 +16737,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +manage_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t) +manage_lnk_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t) +files_pid_filetrans(svirt_t, svirt_var_run_t, { dir file }) ++stream_connect_pattern($1, svirt_var_run_t, svirt_var_run_t, virtd_t) + +read_lnk_files_pattern(svirt_t, virt_image_t, virt_image_t) + 
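Review bot: The added line `stream_connect_pattern($1, svirt_var_run_t, svirt_var_run_t, virtd_t)` in the third hunk (@@ -16737) names its source domain as `$1`, while the neighbouring rules shown as context all name `svirt_t` and the nested header places the line in virt.te. `$1` is an m4 positional parameter that only has a value inside an interface or template body, so unless this line sits inside one that the hunk does not show, the rule will not resolve to svirt_t and the permission in the subject line is either not granted or the module fails to build. It looks copied from an interface definition and should probably read `stream_connect_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t, virtd_t)`. It is also worth confirming that svirt_var_run_t really is the type of the directory and socket that virtd_t listens on, since those two arguments decide which socket the confined guest domain may reach.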
@@ -16857,6 +16858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + virt_read_config(virt_domain) + virt_read_lib_files(virt_domain) + virt_read_content(virt_domain) ++ virt_stream_connect(virt_domain) +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.26/policy/modules/services/w3c.te --- nsaserefpolicy/policy/modules/services/w3c.te 2009-07-14 14:19:57.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index 0a16a43c..072db7c4 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.26 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -475,6 +475,9 @@ exit 0 %endif %changelog +* Fri Jul 31 2009 Dan Walsh 3.6.26-3 +- Allow svirt_t to stream_connect to virtd_t + * Fri Jul 31 2009 Dan Walsh 3.6.26-2 - Allod hald_dccm_t to create sock_files in /tmp
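Review bot: `virt_stream_connect(virt_domain)` in the hunk at @@ -16857 grants the connection to every type carrying the virt_domain attribute, which is wider than the svirt_t named in the subject and the changelog entry. Letting confined guest domains connect to the libvirt daemon's socket widens what a compromised guest can reach, so the rule deserves a comment recording why it is needed, e.g. `# guests need to connect to the virtd_t unix socket for <reason - placeholder>`. If svirt_t is a member of virt_domain, this call and the stream_connect_pattern line added earlier in the same file overlap, and one of the two may be enough. The block closed by `')` starts outside the hunk, so whether this sits in an optional or a template body cannot be confirmed from here.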