- Allow NetworkManager to dbus chat with yum-updated
parent
bf7f975f77
commit
babb3641bd
|
@ -2814,7 +2814,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.7/policy/modules/kernel/files.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.7/policy/modules/kernel/files.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-07-03 07:05:38.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-07-03 07:05:38.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/kernel/files.if 2007-09-11 08:45:38.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/kernel/files.if 2007-09-11 14:40:00.000000000 -0400
|
||||||
@@ -343,8 +343,7 @@
|
@@ -343,8 +343,7 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -3289,7 +3289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.0.7/policy/modules/kernel/selinux.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.0.7/policy/modules/kernel/selinux.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-07-03 07:05:38.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-07-03 07:05:38.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/kernel/selinux.if 2007-09-06 15:43:06.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/kernel/selinux.if 2007-09-11 13:01:12.000000000 -0400
|
||||||
@@ -138,6 +138,7 @@
|
@@ -138,6 +138,7 @@
|
||||||
type security_t;
|
type security_t;
|
||||||
')
|
')
|
||||||
|
@ -6285,7 +6285,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.0.7/policy/modules/services/ftp.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.0.7/policy/modules/services/ftp.te
|
||||||
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-07-25 10:37:42.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-07-25 10:37:42.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/services/ftp.te 2007-09-10 14:54:57.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/services/ftp.te 2007-09-11 14:32:19.000000000 -0400
|
||||||
@@ -88,6 +88,7 @@
|
@@ -88,6 +88,7 @@
|
||||||
allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
|
allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow ftpd_t self:tcp_socket create_stream_socket_perms;
|
allow ftpd_t self:tcp_socket create_stream_socket_perms;
|
||||||
|
@ -6327,20 +6327,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
|
||||||
')
|
')
|
||||||
|
|
||||||
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
|
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
|
||||||
@@ -252,7 +264,9 @@
|
@@ -252,7 +264,10 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
+ kerberos_use(ftpd_t)
|
+ kerberos_use(ftpd_t)
|
||||||
kerberos_read_keytab(ftpd_t)
|
kerberos_read_keytab(ftpd_t)
|
||||||
+ kerberos_manage_host_rcache(ftpd_t)
|
+ kerberos_manage_host_rcache(ftpd_t)
|
||||||
|
+ selinux_validate_context(ftpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.0.7/policy/modules/services/hal.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.0.7/policy/modules/services/hal.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/hal.fc 2007-05-30 11:47:29.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/hal.fc 2007-05-30 11:47:29.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/services/hal.fc 2007-09-06 15:43:06.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/services/hal.fc 2007-09-11 15:14:05.000000000 -0400
|
||||||
@@ -8,9 +8,15 @@
|
@@ -8,9 +8,17 @@
|
||||||
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
|
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
|
||||||
|
|
||||||
/usr/sbin/hald -- gen_context(system_u:object_r:hald_exec_t,s0)
|
/usr/sbin/hald -- gen_context(system_u:object_r:hald_exec_t,s0)
|
||||||
|
@ -6356,6 +6357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
||||||
+
|
+
|
||||||
+/var/log/pm-suspend.log gen_context(system_u:object_r:hald_log_t,s0)
|
+/var/log/pm-suspend.log gen_context(system_u:object_r:hald_log_t,s0)
|
||||||
+
|
+
|
||||||
|
+/var/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
|
||||||
|
+/var/log/pm(/.*)? gen_context(system_u:object_r:hald_log_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.0.7/policy/modules/services/hal.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.0.7/policy/modules/services/hal.if
|
||||||
--- nsaserefpolicy/policy/modules/services/hal.if 2007-05-29 14:10:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/hal.if 2007-05-29 14:10:57.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/services/hal.if 2007-09-06 15:43:06.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/services/hal.if 2007-09-06 15:43:06.000000000 -0400
|
||||||
|
@ -7386,7 +7389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||||
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
|
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.7/policy/modules/services/networkmanager.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.7/policy/modules/services/networkmanager.te
|
||||||
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-08-22 07:14:07.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-08-22 07:14:07.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/services/networkmanager.te 2007-09-06 15:43:06.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/services/networkmanager.te 2007-09-11 14:21:48.000000000 -0400
|
||||||
@@ -20,7 +20,7 @@
|
@@ -20,7 +20,7 @@
|
||||||
|
|
||||||
# networkmanager will ptrace itself if gdb is installed
|
# networkmanager will ptrace itself if gdb is installed
|
||||||
|
@ -7405,7 +7408,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||||
corenet_all_recvfrom_unlabeled(NetworkManager_t)
|
corenet_all_recvfrom_unlabeled(NetworkManager_t)
|
||||||
corenet_all_recvfrom_netlabel(NetworkManager_t)
|
corenet_all_recvfrom_netlabel(NetworkManager_t)
|
||||||
corenet_tcp_sendrecv_all_if(NetworkManager_t)
|
corenet_tcp_sendrecv_all_if(NetworkManager_t)
|
||||||
@@ -152,6 +154,11 @@
|
@@ -136,6 +138,9 @@
|
||||||
|
dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
|
||||||
|
dbus_connect_system_bus(NetworkManager_t)
|
||||||
|
dbus_send_system_bus(NetworkManager_t)
|
||||||
|
+ optional_policy(`
|
||||||
|
+ rpm_dbus_chat(NetworkManager_t)
|
||||||
|
+ ')
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
@@ -152,6 +157,11 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -7417,7 +7430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||||
ppp_domtrans(NetworkManager_t)
|
ppp_domtrans(NetworkManager_t)
|
||||||
ppp_read_pid_files(NetworkManager_t)
|
ppp_read_pid_files(NetworkManager_t)
|
||||||
ppp_signal(NetworkManager_t)
|
ppp_signal(NetworkManager_t)
|
||||||
@@ -166,8 +173,10 @@
|
@@ -166,8 +176,10 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -9669,7 +9682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.0.7/policy/modules/services/setroubleshoot.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.0.7/policy/modules/services/setroubleshoot.te
|
||||||
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-07-25 10:37:42.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-07-25 10:37:42.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/services/setroubleshoot.te 2007-09-11 11:09:25.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/services/setroubleshoot.te 2007-09-11 15:24:02.000000000 -0400
|
||||||
@@ -33,7 +33,6 @@
|
@@ -33,7 +33,6 @@
|
||||||
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
|
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||||
|
@ -9705,13 +9718,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
|
||||||
selinux_get_enforce_mode(setroubleshootd_t)
|
selinux_get_enforce_mode(setroubleshootd_t)
|
||||||
selinux_validate_context(setroubleshootd_t)
|
selinux_validate_context(setroubleshootd_t)
|
||||||
|
|
||||||
@@ -109,5 +114,7 @@
|
@@ -109,5 +114,8 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
- nis_use_ypbind(setroubleshootd_t)
|
- nis_use_ypbind(setroubleshootd_t)
|
||||||
+ dbus_system_bus_client_template(setroubleshootd, setroubleshootd_t)
|
+ dbus_system_bus_client_template(setroubleshootd, setroubleshootd_t)
|
||||||
+ dbus_send_system_bus(setroubleshootd_t)
|
+ dbus_send_system_bus(setroubleshootd_t)
|
||||||
|
+ dbus_connect_system_bus(setroubleshootd_t)
|
||||||
')
|
')
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.0.7/policy/modules/services/snmp.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.0.7/policy/modules/services/snmp.fc
|
||||||
|
@ -11302,8 +11316,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
|
||||||
+/usr/sbin/brctl -- gen_context(system_u:object_r:brctl_exec_t,s0)
|
+/usr/sbin/brctl -- gen_context(system_u:object_r:brctl_exec_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.if serefpolicy-3.0.7/policy/modules/system/brctl.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.if serefpolicy-3.0.7/policy/modules/system/brctl.if
|
||||||
--- nsaserefpolicy/policy/modules/system/brctl.if 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/brctl.if 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.0.7/policy/modules/system/brctl.if 2007-09-06 15:43:06.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/system/brctl.if 2007-09-11 14:23:37.000000000 -0400
|
||||||
@@ -0,0 +1,25 @@
|
@@ -0,0 +1,43 @@
|
||||||
+
|
+
|
||||||
+## <summary>Utilities for configuring the linux ethernet bridge</summary>
|
+## <summary>Utilities for configuring the linux ethernet bridge</summary>
|
||||||
+
|
+
|
||||||
|
@ -11329,6 +11343,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
|
||||||
+ allow brctl_t $1:fifo_file rw_file_perms;
|
+ allow brctl_t $1:fifo_file rw_file_perms;
|
||||||
+ allow brctl_t $1:process sigchld;
|
+ allow brctl_t $1:process sigchld;
|
||||||
+')
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
|
+## Get attributes brctl executable.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed to transition.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`brctl_getattr',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type brctl_exec_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ allow $1 brctl_exec_t:file getattr;
|
||||||
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.te serefpolicy-3.0.7/policy/modules/system/brctl.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.te serefpolicy-3.0.7/policy/modules/system/brctl.te
|
||||||
--- nsaserefpolicy/policy/modules/system/brctl.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/brctl.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.0.7/policy/modules/system/brctl.te 2007-09-10 08:59:32.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/system/brctl.te 2007-09-10 08:59:32.000000000 -0400
|
||||||
|
@ -15418,7 +15450,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.0.7/policy/modules/system/xen.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.0.7/policy/modules/system/xen.te
|
||||||
--- nsaserefpolicy/policy/modules/system/xen.te 2007-07-25 10:37:42.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/xen.te 2007-07-25 10:37:42.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/system/xen.te 2007-09-07 08:48:47.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/system/xen.te 2007-09-11 14:25:59.000000000 -0400
|
||||||
@@ -95,7 +95,7 @@
|
@@ -95,7 +95,7 @@
|
||||||
read_lnk_files_pattern(xend_t,xen_image_t,xen_image_t)
|
read_lnk_files_pattern(xend_t,xen_image_t,xen_image_t)
|
||||||
rw_blk_files_pattern(xend_t,xen_image_t,xen_image_t)
|
rw_blk_files_pattern(xend_t,xen_image_t,xen_image_t)
|
||||||
|
@ -15428,7 +15460,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
dev_filetrans(xend_t, xenctl_t, fifo_file)
|
dev_filetrans(xend_t, xenctl_t, fifo_file)
|
||||||
|
|
||||||
manage_files_pattern(xend_t,xend_tmp_t,xend_tmp_t)
|
manage_files_pattern(xend_t,xend_tmp_t,xend_tmp_t)
|
||||||
@@ -126,7 +126,7 @@
|
@@ -122,11 +122,13 @@
|
||||||
|
manage_fifo_files_pattern(xend_t,xend_var_lib_t,xend_var_lib_t)
|
||||||
|
files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir })
|
||||||
|
|
||||||
|
+init_stream_connect_script(xend_t)
|
||||||
|
+
|
||||||
|
# transition to store
|
||||||
domain_auto_trans(xend_t, xenstored_exec_t, xenstored_t)
|
domain_auto_trans(xend_t, xenstored_exec_t, xenstored_t)
|
||||||
allow xenstored_t xend_t:fd use;
|
allow xenstored_t xend_t:fd use;
|
||||||
allow xenstored_t xend_t:process sigchld;
|
allow xenstored_t xend_t:process sigchld;
|
||||||
|
@ -15437,7 +15475,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
|
|
||||||
# transition to console
|
# transition to console
|
||||||
domain_auto_trans(xend_t, xenconsoled_exec_t, xenconsoled_t)
|
domain_auto_trans(xend_t, xenconsoled_exec_t, xenconsoled_t)
|
||||||
@@ -176,6 +176,7 @@
|
@@ -176,6 +178,7 @@
|
||||||
files_manage_etc_runtime_files(xend_t)
|
files_manage_etc_runtime_files(xend_t)
|
||||||
files_etc_filetrans_etc_runtime(xend_t,file)
|
files_etc_filetrans_etc_runtime(xend_t,file)
|
||||||
files_read_usr_files(xend_t)
|
files_read_usr_files(xend_t)
|
||||||
|
@ -15445,7 +15483,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
|
|
||||||
storage_raw_read_fixed_disk(xend_t)
|
storage_raw_read_fixed_disk(xend_t)
|
||||||
storage_raw_write_fixed_disk(xend_t)
|
storage_raw_write_fixed_disk(xend_t)
|
||||||
@@ -224,7 +225,7 @@
|
@@ -214,6 +217,10 @@
|
||||||
|
netutils_domtrans(xend_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
+ brctl_getattr(xend_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
consoletype_exec(xend_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
@@ -224,7 +231,7 @@
|
||||||
|
|
||||||
allow xenconsoled_t self:capability { dac_override fsetid ipc_lock };
|
allow xenconsoled_t self:capability { dac_override fsetid ipc_lock };
|
||||||
allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms;
|
allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
|
@ -15454,7 +15503,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
|
|
||||||
allow xenconsoled_t xen_devpts_t:chr_file rw_term_perms;
|
allow xenconsoled_t xen_devpts_t:chr_file rw_term_perms;
|
||||||
|
|
||||||
@@ -257,7 +258,7 @@
|
@@ -257,7 +264,7 @@
|
||||||
|
|
||||||
miscfiles_read_localization(xenconsoled_t)
|
miscfiles_read_localization(xenconsoled_t)
|
||||||
|
|
||||||
|
@ -15463,7 +15512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
xen_stream_connect_xenstore(xenconsoled_t)
|
xen_stream_connect_xenstore(xenconsoled_t)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -265,7 +266,7 @@
|
@@ -265,7 +272,7 @@
|
||||||
# Xen store local policy
|
# Xen store local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
|
@ -15472,7 +15521,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
|
allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow xenstored_t self:unix_dgram_socket create_socket_perms;
|
allow xenstored_t self:unix_dgram_socket create_socket_perms;
|
||||||
|
|
||||||
@@ -318,12 +319,13 @@
|
@@ -318,12 +325,13 @@
|
||||||
allow xm_t self:capability { dac_override ipc_lock sys_tty_config };
|
allow xm_t self:capability { dac_override ipc_lock sys_tty_config };
|
||||||
|
|
||||||
# internal communication is often done using fifo and unix sockets.
|
# internal communication is often done using fifo and unix sockets.
|
||||||
|
@ -15487,7 +15536,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
files_search_var_lib(xm_t)
|
files_search_var_lib(xm_t)
|
||||||
|
|
||||||
allow xm_t xen_image_t:dir rw_dir_perms;
|
allow xm_t xen_image_t:dir rw_dir_perms;
|
||||||
@@ -336,6 +338,7 @@
|
@@ -336,6 +344,7 @@
|
||||||
kernel_write_xen_state(xm_t)
|
kernel_write_xen_state(xm_t)
|
||||||
|
|
||||||
corecmd_exec_bin(xm_t)
|
corecmd_exec_bin(xm_t)
|
||||||
|
@ -15495,7 +15544,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
|
|
||||||
corenet_tcp_sendrecv_generic_if(xm_t)
|
corenet_tcp_sendrecv_generic_if(xm_t)
|
||||||
corenet_tcp_sendrecv_all_nodes(xm_t)
|
corenet_tcp_sendrecv_all_nodes(xm_t)
|
||||||
@@ -366,3 +369,14 @@
|
@@ -353,6 +362,7 @@
|
||||||
|
|
||||||
|
term_use_all_terms(xm_t)
|
||||||
|
|
||||||
|
+init_stream_connect_script(xm_t)
|
||||||
|
init_rw_script_stream_sockets(xm_t)
|
||||||
|
init_use_fds(xm_t)
|
||||||
|
|
||||||
|
@@ -366,3 +376,14 @@
|
||||||
xen_append_log(xm_t)
|
xen_append_log(xm_t)
|
||||||
xen_stream_connect(xm_t)
|
xen_stream_connect(xm_t)
|
||||||
xen_stream_connect_xenstore(xm_t)
|
xen_stream_connect_xenstore(xm_t)
|
||||||
|
|
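Review bot: In the ftp.te part of the patch, the new `selinux_validate_context(ftpd_t)` call sits inside the `optional_policy` block that holds the `kerberos_use`, `kerberos_read_keytab` and `kerberos_manage_host_rcache` calls, so the grant is tied to the kerberos module being present and reads as if it were a Kerberos requirement. An optional block is dropped as a whole when any symbol it requires is missing, so on a policy built without kerberos ftpd_t would silently lose this permission. If ftpd needs context validation on its own, move the line out of the block to the unconditional interface calls of ftp.te (outside the visible hunk), or add a one-line comment such as `# needed for <reason>` stating why it belongs with Kerberos. Separately, the new `brctl_getattr` interface in brctl.if documents its parameter as `Domain allowed to transition.` although it only grants `getattr` on `brctl_exec_t`; `Domain allowed access.` would match what the rule does.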
|
@ -17,7 +17,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.0.7
|
Version: 3.0.7
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -362,6 +362,9 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 11 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-10
|
||||||
|
- Allow NetworkManager to dbus chat with yum-updated
|
||||||
|
|
||||||
* Tue Sep 11 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-9
|
* Tue Sep 11 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-9
|
||||||
- Allow xfs to bind to port 7100
|
- Allow xfs to bind to port 7100
|
||||||
|
|
||||||
|
|