- add virtual_image_context and virtual_domain_context files

policy-20090105.patch

@@ -118,6 +118,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 -
 +system_r:initrc_su_t:s0		user_r:user_t:s0
 +user_r:user_t:s0		user_r:user_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.6/config/appconfig-mcs/virtual_domain_context
+--- nsaserefpolicy/config/appconfig-mcs/virtual_domain_context	1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.6/config/appconfig-mcs/virtual_domain_context	2009-02-18 13:57:20.000000000 -0500
+@@ -0,0 +1 @@
++system_u:system_r:qemu_t:s0	
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.6/config/appconfig-mcs/virtual_image_context
+--- nsaserefpolicy/config/appconfig-mcs/virtual_image_context	1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.6/config/appconfig-mcs/virtual_image_context	2009-02-18 13:57:52.000000000 -0500
+@@ -0,0 +1 @@
++system_u:object_r:virt_image_t:s0	
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.6.6/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.6.6/config/appconfig-mcs/xguest_u_default_contexts	2009-02-16 13:18:06.000000000 -0500
@@ -182,6 +192,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
  #
 -#system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 +#system_r:sshd_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.6/config/appconfig-mls/virtual_domain_context
+--- nsaserefpolicy/config/appconfig-mls/virtual_domain_context	1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.6/config/appconfig-mls/virtual_domain_context	2009-02-18 13:58:20.000000000 -0500
+@@ -0,0 +1 @@
++system_u:system_r:qemu_t:s0	
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.6/config/appconfig-mls/virtual_image_context
+--- nsaserefpolicy/config/appconfig-mls/virtual_image_context	1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.6/config/appconfig-mls/virtual_image_context	2009-02-18 13:58:20.000000000 -0500
+@@ -0,0 +1 @@
++system_u:object_r:virt_image_t:s0	
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.6.6/config/appconfig-mls/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.6.6/config/appconfig-mls/xguest_u_default_contexts	2009-02-16 13:18:06.000000000 -0500
@@ -195,7 +215,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.6/Makefile
 --- nsaserefpolicy/Makefile	2009-01-19 11:07:35.000000000 -0500
-+++ serefpolicy-3.6.6/Makefile	2009-02-16 13:18:06.000000000 -0500
++++ serefpolicy-3.6.6/Makefile	2009-02-18 14:17:28.000000000 -0500
+@@ -241,7 +241,7 @@
+ appdir := $(contextpath)
+ user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
+ user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
+-appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names)
++appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context) $(contextpath)/files/media $(user_default_contexts_names)
+ net_contexts := $(builddir)net_contexts
+ 
+ all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
 @@ -315,20 +315,22 @@
  
  # parse-rolemap modulename,outputfile
@@ -26132,7 +26161,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/system/libraries.fc	2009-02-17 08:47:24.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/system/libraries.fc	2009-02-18 09:32:59.000000000 -0500
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -26277,7 +26306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+\.so(\.[^/]*)*	-l	gen_context(system_u:object_r:lib_t,s0)
  ')
-@@ -310,3 +335,21 @@
+@@ -310,3 +335,25 @@
  /var/spool/postfix/lib(64)?(/.*)? 		gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/usr(/.*)?			gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/lib(64)?/ld.*\.so.*	--	gen_context(system_u:object_r:ld_so_t,s0)
@@ -26299,6 +26328,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/opt/google-earth/.*\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
 +
 +/usr/lib(64)?/nspluginwrapper/np.*\.so	-- gen_context(system_u:object_r:lib_t,s0)
++
++/usr/lib/oracle/.*/lib/libnnz.*\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
++
++/opt/(.*/)?oracle/(.*/)?libnnz.*\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.6/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2009-01-05 15:39:43.000000000 -0500
 +++ serefpolicy-3.6.6/policy/modules/system/libraries.te	2009-02-16 13:18:06.000000000 -0500

selinux-policy.spec

@@ -1,4 +1,4 @@
- %define distro redhat
+%define distro redhat
 %define polyinstatiate n
 %define monolithic n
 %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.6
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -137,6 +137,8 @@ bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \
 %config %{_sysconfdir}/selinux/%1/contexts/x_contexts \
 %config %{_sysconfdir}/selinux/%1/contexts/default_contexts \
+%config	%{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \
+%config	%{_sysconfdir}/selinux/%1/contexts/virtual_image_context \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/failsafe_context \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \
@@ -444,6 +446,9 @@ exit 0
 %endif
 
 %changelog
+* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-5
+- add virtual_image_context and virtual_domain_context files
+
 * Tue Feb 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-4
 - Allow rpcd_t to send signal to mount_t
 - Allow libvirtd to run ranged