- Allow udev to send audit messages
parent
14892547e5
commit
ebab4d1c66
@ -21255,7 +21255,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||||||
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
|
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.2.7/policy/modules/services/xserver.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.2.7/policy/modules/services/xserver.if
|
||||||
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-12-04 11:02:50.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-12-04 11:02:50.000000000 -0500
|
||||||
+++ serefpolicy-3.2.7/policy/modules/services/xserver.if 2008-02-13 16:57:15.000000000 -0500
|
+++ serefpolicy-3.2.7/policy/modules/services/xserver.if 2008-02-14 15:45:10.000000000 -0500
|
||||||
@@ -15,6 +15,7 @@
|
@@ -15,6 +15,7 @@
|
||||||
template(`xserver_common_domain_template',`
|
template(`xserver_common_domain_template',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -24776,8 +24776,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.2.7/policy/modules/system/qemu.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.2.7/policy/modules/system/qemu.te
|
||||||
--- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.2.7/policy/modules/system/qemu.te 2008-02-13 16:57:16.000000000 -0500
|
+++ serefpolicy-3.2.7/policy/modules/system/qemu.te 2008-02-14 15:46:36.000000000 -0500
|
||||||
@@ -0,0 +1,66 @@
|
@@ -0,0 +1,83 @@
|
||||||
+policy_module(qemu,1.0.0)
|
+policy_module(qemu,1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
@ -24807,6 +24807,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
|
|||||||
+## internal communication is often done using fifo and unix sockets.
|
+## internal communication is often done using fifo and unix sockets.
|
||||||
+allow qemu_t self:fifo_file rw_file_perms;
|
+allow qemu_t self:fifo_file rw_file_perms;
|
||||||
+allow qemu_t self:unix_stream_socket create_stream_socket_perms;
|
+allow qemu_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
|
+allow qemu_t self:shm create_shm_perms;
|
||||||
+
|
+
|
||||||
+corenet_all_recvfrom_unlabeled(qemu_t)
|
+corenet_all_recvfrom_unlabeled(qemu_t)
|
||||||
+corenet_all_recvfrom_netlabel(qemu_t)
|
+corenet_all_recvfrom_netlabel(qemu_t)
|
||||||
@ -24817,8 +24818,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
|
|||||||
+corenet_tcp_bind_vnc_port(qemu_t)
|
+corenet_tcp_bind_vnc_port(qemu_t)
|
||||||
+corenet_rw_tun_tap_dev(qemu_t)
|
+corenet_rw_tun_tap_dev(qemu_t)
|
||||||
+
|
+
|
||||||
+virt_manage_image(qemu_t)
|
+kernel_read_system_state(qemu_t)
|
||||||
+virt_read_config(qemu_t)
|
|
||||||
+
|
+
|
||||||
+dev_rw_kvm(qemu_t)
|
+dev_rw_kvm(qemu_t)
|
||||||
+
|
+
|
||||||
@ -24828,6 +24828,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
|
|||||||
+files_search_all(qemu_t)
|
+files_search_all(qemu_t)
|
||||||
+
|
+
|
||||||
+fs_rw_anon_inodefs_files(qemu_t)
|
+fs_rw_anon_inodefs_files(qemu_t)
|
||||||
|
+fs_rw_tmpfs_files(qemu_t)
|
||||||
+
|
+
|
||||||
+storage_raw_write_removable_device(qemu_t)
|
+storage_raw_write_removable_device(qemu_t)
|
||||||
+storage_raw_read_removable_device(qemu_t)
|
+storage_raw_read_removable_device(qemu_t)
|
||||||
@ -24841,8 +24842,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
|
|||||||
+
|
+
|
||||||
+miscfiles_read_localization(qemu_t)
|
+miscfiles_read_localization(qemu_t)
|
||||||
+
|
+
|
||||||
+allow qemu_unconfined_t self:process { execstack execmem };
|
+sysnet_read_config(qemu_t)
|
||||||
|
+
|
||||||
|
+virt_manage_image(qemu_t)
|
||||||
|
+virt_read_config(qemu_t)
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ xserver_stream_connect_xdm_xserver(qemu_t)
|
||||||
|
+ xserver_read_xdm_tmp_files(qemu_t)
|
||||||
|
+ xserver_xdm_rw_shm(qemu_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+#
|
||||||
|
+# qemu_unconfined local policy
|
||||||
|
+#
|
||||||
|
+
|
||||||
+unconfined_domain_noaudit(qemu_unconfined_t)
|
+unconfined_domain_noaudit(qemu_unconfined_t)
|
||||||
|
+allow qemu_unconfined_t self:process { execstack execmem };
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.2.7/policy/modules/system/raid.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.2.7/policy/modules/system/raid.te
|
||||||
--- nsaserefpolicy/policy/modules/system/raid.te 2007-12-19 05:32:17.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/raid.te 2007-12-19 05:32:17.000000000 -0500
|
||||||
|
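Review bot: The new `optional_policy` block in qemu.te gives `qemu_t` a stream connection to the xdm X server plus read/write access to its shared memory (`xserver_stream_connect_xdm_xserver`, `xserver_read_xdm_tmp_files`, `xserver_xdm_rw_shm`) with no comment explaining why, and the commit title mentions only udev. `qemu_t` appears to be the confined counterpart of `qemu_unconfined_t`, so anything granted here is reachable by a compromised emulator process. I would wrap the three calls in a `tunable_policy` block keyed on a default-off boolean (name to be chosen), or at least add a comment such as `# local display output needs the xdm X server`, if that is indeed the reason. The added `fs_rw_tmpfs_files(qemu_t)` deserves the same justification, since it covers files carrying the generic tmpfs label rather than a qemu-private type. Only part of qemu.te is visible on this page, so declarations outside the shown lines may already address some of this.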