From fe0d467c2bf0324dac66cf1c1f795168b19424b1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 22 Jun 2008 12:22:25 +0000 Subject: [PATCH] - allow hplip to talk dbus - Fix context on ~/.local dir --- policy-20080509.patch | 44 ++++++++++++++++++++++++++++++++++--------- selinux-policy.spec | 6 +++++- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/policy-20080509.patch b/policy-20080509.patch index ff5d75b3..9bc28725 100644 --- a/policy-20080509.patch +++ b/policy-20080509.patch @@ -6837,7 +6837,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.4.2/policy/modules/kernel/filesystem.if --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-06-12 23:25:02.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.if 2008-06-12 23:37:51.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.if 2008-06-22 08:12:48.000000000 -0400 @@ -310,6 +310,25 @@ ######################################## @@ -30265,8 +30265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.f +/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.4.2/policy/modules/system/qemu.if --- nsaserefpolicy/policy/modules/system/qemu.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.4.2/policy/modules/system/qemu.if 2008-06-22 08:07:11.000000000 -0400 -@@ -0,0 +1,340 @@ ++++ serefpolicy-3.4.2/policy/modules/system/qemu.if 2008-06-22 08:17:59.000000000 -0400 +@@ -0,0 +1,336 @@ + +## policy for qemu + @@ -30596,10 +30596,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i + ') + + optional_policy(` -+ xen_rw_image_files($1_t) -+ ') -+ -+ optional_policy(` + xserver_stream_connect_xdm_xserver($1_t) + xserver_read_xdm_tmp_files($1_t) + xserver_read_xdm_pid($1_t) @@ -30609,8 +30605,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.4.2/policy/modules/system/qemu.te --- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.4.2/policy/modules/system/qemu.te 2008-06-12 23:37:53.000000000 -0400 -@@ -0,0 +1,49 @@ ++++ serefpolicy-3.4.2/policy/modules/system/qemu.te 2008-06-22 08:15:43.000000000 -0400 +@@ -0,0 +1,79 @@ +policy_module(qemu,1.0.0) + +## @@ -30620,6 +30616,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t +## +gen_tunable(allow_qemu_full_network,false) + ++## ++##

++## Allow qemu to use nfs file systems ++##

++## ++gen_tunable(qemu_use_nfs,true) ++ ++## ++##

++## Allow qemu to use cifs/Samba file systems ++##

++## ++gen_tunable(qemu_use_cifs,true) ++ +######################################## +# +# Declarations @@ -30649,6 +30659,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t + corenet_tcp_connect_all_ports(qemu_t) +') + ++tunable_policy(`qemu_use_nfs',` ++ fs_manage_nfs_files(qemu_t) ++') ++ ++tunable_policy(`qemu_use_cifs',` ++ fs_manage_cifs_dirs(qemu_t) ++') ++ ++optional_policy(` ++ xen_rw_image_files(qemu_t) ++') ++ ++optional_policy(` ++ xen_rw_image_files(qemu_t) ++') ++ +######################################## +# +# qemu_unconfined local policy diff --git a/selinux-policy.spec b/selinux-policy.spec index 69cef6f0..7465f1a6 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.4.2 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -375,6 +375,10 @@ exit 0 %endif %changelog +* Fri Jun 12 2008 Dan Walsh 3.4.2-4 +- allow hplip to talk dbus +- Fix context on ~/.local dir + * Thu Jun 12 2008 Dan Walsh 3.4.2-3 - Prevent applications from reading x_device