- Allow svirt_t to stream_connect to virtd_t

2009-07-31 19:05:34 +00:00 · 2009-07-31 19:05:34 +00:00 · 947b439e10
commit 947b439e10
parent af4fa8266c
2 changed files with 8 additions and 3 deletions
--- a/policy-F12.patch
+++ b/policy-F12.patch
@ -16487,7 +16487,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.26/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.26/policy/modules/services/virt.te	2009-07-30 15:33:09.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/services/virt.te	2009-07-31 15:02:22.000000000 -0400
@@ -20,6 +20,28 @@
 ## </desc>
 gen_tunable(virt_use_samba, false)
@ -16705,7 +16705,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 
 optional_policy(`
-@@ -195,8 +290,152 @@
+@@ -195,8 +290,154 @@
 
 	xen_stream_connect(virtd_t)
 	xen_stream_connect_xenstore(virtd_t)
@ -16737,6 +16737,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +manage_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t)
 +manage_lnk_files_pattern(svirt_t, svirt_var_run_t, svirt_var_run_t)
 +files_pid_filetrans(svirt_t, svirt_var_run_t, { dir file })
+stream_connect_pattern($1, svirt_var_run_t, svirt_var_run_t, virtd_t)
 +
 +read_lnk_files_pattern(svirt_t, virt_image_t, virt_image_t)
 +
@ -16857,6 +16858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	virt_read_config(virt_domain)
 +	virt_read_lib_files(virt_domain)
 +	virt_read_content(virt_domain)
+	virt_stream_connect(virt_domain)
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.26/policy/modules/services/w3c.te
 --- nsaserefpolicy/policy/modules/services/w3c.te	2009-07-14 14:19:57.000000000 -0400
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.26
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -475,6 +475,9 @@ exit 0
 %endif

 %changelog
+* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-3
+- Allow svirt_t to stream_connect to virtd_t
+
 * Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-2
 - Allod hald_dccm_t to create sock_files in /tmp