- Allow svirt_t to stream_connect to virtd_t
This commit is contained in:
parent
af4fa8266c
commit
947b439e10
@ -16487,7 +16487,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.26/policy/modules/services/virt.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.26/policy/modules/services/virt.te
|
||||||
--- nsaserefpolicy/policy/modules/services/virt.te 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/virt.te 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.6.26/policy/modules/services/virt.te 2009-07-30 15:33:09.000000000 -0400
|
+++ serefpolicy-3.6.26/policy/modules/services/virt.te 2009-07-31 15:02:22.000000000 -0400
|
||||||
@@ -20,6 +20,28 @@
|
@@ -20,6 +20,28 @@
|
||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(virt_use_samba, false)
|
gen_tunable(virt_use_samba, false)
|
||||||
@ -16705,7 +16705,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -195,8 +290,152 @@
|
@@ -195,8 +290,154 @@
|
||||||
|
|
||||||
xen_stream_connect(virtd_t)
|
xen_stream_connect(virtd_t)
|
||||||
xen_stream_connect_xenstore(virtd_t)
|
xen_stream_connect_xenstore(virtd_t)
|
||||||
@ -16737,6 +16737,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+manage_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t)
|
+manage_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t)
|
||||||
+manage_lnk_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t)
|
+manage_lnk_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t)
|
||||||
+files_pid_filetrans(svirt_t, svirt_var_run_t, { dir file })
|
+files_pid_filetrans(svirt_t, svirt_var_run_t, { dir file })
|
||||||
|
+stream_connect_pattern($1, svirt_var_run_t, svirt_var_run_t, virtd_t)
|
||||||
+
|
+
|
||||||
+read_lnk_files_pattern(svirt_t, virt_image_t, virt_image_t)
|
+read_lnk_files_pattern(svirt_t, virt_image_t, virt_image_t)
|
||||||
+
|
+
|
||||||
@ -16857,6 +16858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+ virt_read_config(virt_domain)
|
+ virt_read_config(virt_domain)
|
||||||
+ virt_read_lib_files(virt_domain)
|
+ virt_read_lib_files(virt_domain)
|
||||||
+ virt_read_content(virt_domain)
|
+ virt_read_content(virt_domain)
|
||||||
|
+ virt_stream_connect(virt_domain)
|
||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.26/policy/modules/services/w3c.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.26/policy/modules/services/w3c.te
|
||||||
--- nsaserefpolicy/policy/modules/services/w3c.te 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/w3c.te 2009-07-14 14:19:57.000000000 -0400
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.6.26
|
Version: 3.6.26
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -475,6 +475,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-3
|
||||||
|
- Allow svirt_t to stream_connect to virtd_t
|
||||||
|
|
||||||
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-2
|
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-2
|
||||||
- Allod hald_dccm_t to create sock_files in /tmp
|
- Allod hald_dccm_t to create sock_files in /tmp
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user