- allow hplip to talk dbus

- Fix context on ~/.local dir
2008-06-22 12:22:25 +00:00 · 2008-06-22 12:22:25 +00:00 · fe0d467c2b
parent 1f5ca46002
commit fe0d467c2b
2 changed files with 40 additions and 10 deletions
--- a/policy-20080509.patch
+++ b/policy-20080509.patch
@ -6837,7 +6837,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
 #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.4.2/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2008-06-12 23:25:02.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.if	2008-06-12 23:37:51.000000000 -0400
+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.if	2008-06-22 08:12:48.000000000 -0400
@@ -310,6 +310,25 @@
 
 ########################################
@ -30265,8 +30265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.f
 +/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.4.2/policy/modules/system/qemu.if
 --- nsaserefpolicy/policy/modules/system/qemu.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.4.2/policy/modules/system/qemu.if	2008-06-22 08:07:11.000000000 -0400
-@@ -0,0 +1,340 @@
+++ serefpolicy-3.4.2/policy/modules/system/qemu.if	2008-06-22 08:17:59.000000000 -0400
+@@ -0,0 +1,336 @@
 +
 +## <summary>policy for qemu</summary>
 +
@ -30596,10 +30596,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
 +	')
 +
 +	optional_policy(`
-+		xen_rw_image_files($1_t)
-+	')
-+
-+	optional_policy(`
 +		xserver_stream_connect_xdm_xserver($1_t)
 +		xserver_read_xdm_tmp_files($1_t)
 +		xserver_read_xdm_pid($1_t)
@ -30609,8 +30605,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.4.2/policy/modules/system/qemu.te
 --- nsaserefpolicy/policy/modules/system/qemu.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.4.2/policy/modules/system/qemu.te	2008-06-12 23:37:53.000000000 -0400
-@@ -0,0 +1,49 @@
+++ serefpolicy-3.4.2/policy/modules/system/qemu.te	2008-06-22 08:15:43.000000000 -0400
+@@ -0,0 +1,79 @@
 +policy_module(qemu,1.0.0)
 +
 +## <desc>
@ -30620,6 +30616,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
 +## </desc>
 +gen_tunable(allow_qemu_full_network,false)
 +
+## <desc>
+## <p>
+## Allow qemu to use nfs file systems
+## </p>
+## </desc>
+gen_tunable(qemu_use_nfs,true)
+
+## <desc>
+## <p>
+## Allow qemu to use cifs/Samba file systems
+## </p>
+## </desc>
+gen_tunable(qemu_use_cifs,true)
+
 +########################################
 +#
 +# Declarations
@ -30649,6 +30659,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
 +	corenet_tcp_connect_all_ports(qemu_t)
 +')
 +
+tunable_policy(`qemu_use_nfs',`
+	fs_manage_nfs_files(qemu_t)
+')
+
+tunable_policy(`qemu_use_cifs',`
+	fs_manage_cifs_dirs(qemu_t)
+')
+
+optional_policy(`
+	xen_rw_image_files(qemu_t)
+')
+
+optional_policy(`
+	xen_rw_image_files(qemu_t)
+')
+
 +########################################
 +#
 +# qemu_unconfined local policy
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.4.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -375,6 +375,10 @@ exit 0
 %endif

 %changelog
+* Fri Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-4
+- allow hplip to talk dbus
+- Fix context on ~/.local dir
+
 * Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-3
 - Prevent applications from reading x_device