parent
1f5ca46002
commit
fe0d467c2b
|
@ -6837,7 +6837,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
|
||||||
#
|
#
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.4.2/policy/modules/kernel/filesystem.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.4.2/policy/modules/kernel/filesystem.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-06-12 23:25:02.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-06-12 23:25:02.000000000 -0400
|
||||||
+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.if 2008-06-12 23:37:51.000000000 -0400
|
+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.if 2008-06-22 08:12:48.000000000 -0400
|
||||||
@@ -310,6 +310,25 @@
|
@@ -310,6 +310,25 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -30265,8 +30265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.f
|
||||||
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.4.2/policy/modules/system/qemu.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.4.2/policy/modules/system/qemu.if
|
||||||
--- nsaserefpolicy/policy/modules/system/qemu.if 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/qemu.if 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.4.2/policy/modules/system/qemu.if 2008-06-22 08:07:11.000000000 -0400
|
+++ serefpolicy-3.4.2/policy/modules/system/qemu.if 2008-06-22 08:17:59.000000000 -0400
|
||||||
@@ -0,0 +1,340 @@
|
@@ -0,0 +1,336 @@
|
||||||
+
|
+
|
||||||
+## <summary>policy for qemu</summary>
|
+## <summary>policy for qemu</summary>
|
||||||
+
|
+
|
||||||
|
@ -30596,10 +30596,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ optional_policy(`
|
+ optional_policy(`
|
||||||
+ xen_rw_image_files($1_t)
|
|
||||||
+ ')
|
|
||||||
+
|
|
||||||
+ optional_policy(`
|
|
||||||
+ xserver_stream_connect_xdm_xserver($1_t)
|
+ xserver_stream_connect_xdm_xserver($1_t)
|
||||||
+ xserver_read_xdm_tmp_files($1_t)
|
+ xserver_read_xdm_tmp_files($1_t)
|
||||||
+ xserver_read_xdm_pid($1_t)
|
+ xserver_read_xdm_pid($1_t)
|
||||||
|
@ -30609,8 +30605,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.4.2/policy/modules/system/qemu.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.4.2/policy/modules/system/qemu.te
|
||||||
--- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.4.2/policy/modules/system/qemu.te 2008-06-12 23:37:53.000000000 -0400
|
+++ serefpolicy-3.4.2/policy/modules/system/qemu.te 2008-06-22 08:15:43.000000000 -0400
|
||||||
@@ -0,0 +1,49 @@
|
@@ -0,0 +1,79 @@
|
||||||
+policy_module(qemu,1.0.0)
|
+policy_module(qemu,1.0.0)
|
||||||
+
|
+
|
||||||
+## <desc>
|
+## <desc>
|
||||||
|
@ -30620,6 +30616,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
|
||||||
+## </desc>
|
+## </desc>
|
||||||
+gen_tunable(allow_qemu_full_network,false)
|
+gen_tunable(allow_qemu_full_network,false)
|
||||||
+
|
+
|
||||||
|
+## <desc>
|
||||||
|
+## <p>
|
||||||
|
+## Allow qemu to use nfs file systems
|
||||||
|
+## </p>
|
||||||
|
+## </desc>
|
||||||
|
+gen_tunable(qemu_use_nfs,true)
|
||||||
|
+
|
||||||
|
+## <desc>
|
||||||
|
+## <p>
|
||||||
|
+## Allow qemu to use cifs/Samba file systems
|
||||||
|
+## </p>
|
||||||
|
+## </desc>
|
||||||
|
+gen_tunable(qemu_use_cifs,true)
|
||||||
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+#
|
+#
|
||||||
+# Declarations
|
+# Declarations
|
||||||
|
@ -30649,6 +30659,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
|
||||||
+ corenet_tcp_connect_all_ports(qemu_t)
|
+ corenet_tcp_connect_all_ports(qemu_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
|
+tunable_policy(`qemu_use_nfs',`
|
||||||
|
+ fs_manage_nfs_files(qemu_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+tunable_policy(`qemu_use_cifs',`
|
||||||
|
+ fs_manage_cifs_dirs(qemu_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ xen_rw_image_files(qemu_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ xen_rw_image_files(qemu_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+#
|
+#
|
||||||
+# qemu_unconfined local policy
|
+# qemu_unconfined local policy
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.4.2
|
Version: 3.4.2
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -375,6 +375,10 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-4
|
||||||
|
- allow hplip to talk dbus
|
||||||
|
- Fix context on ~/.local dir
|
||||||
|
|
||||||
* Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-3
|
* Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-3
|
||||||
- Prevent applications from reading x_device
|
- Prevent applications from reading x_device
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue