rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- allow hplip to talk dbus

Browse Source 
- Fix context on ~/.local dir
This commit is contained in:
Daniel J Walsh 2008-06-22 12:22:25 +00:00
parent 1f5ca46002
commit fe0d467c2b
2 changed files with 40 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
policy-20080509.patch
View File

@ -6837,7 +6837,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.4.2/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-06-12 23:25:02.000000000 -0400
+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.if 2008-06-12 23:37:51.000000000 -0400
+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.if 2008-06-22 08:12:48.000000000 -0400
@@ -310,6 +310,25 @@
########################################
@ -30265,8 +30265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.f
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.4.2/policy/modules/system/qemu.if
--- nsaserefpolicy/policy/modules/system/qemu.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.4.2/policy/modules/system/qemu.if 2008-06-22 08:07:11.000000000 -0400
@@ -0,0 +1,340 @@
+++ serefpolicy-3.4.2/policy/modules/system/qemu.if 2008-06-22 08:17:59.000000000 -0400
@@ -0,0 +1,336 @@
+
+## <summary>policy for qemu</summary>
+
@ -30596,10 +30596,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
+ ')
+
+ optional_policy(`
+ xen_rw_image_files($1_t)
+ ')
+
+ optional_policy(`
+ xserver_stream_connect_xdm_xserver($1_t)
+ xserver_read_xdm_tmp_files($1_t)
+ xserver_read_xdm_pid($1_t)
@ -30609,8 +30605,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.4.2/policy/modules/system/qemu.te
--- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.4.2/policy/modules/system/qemu.te 2008-06-12 23:37:53.000000000 -0400
@@ -0,0 +1,49 @@
+++ serefpolicy-3.4.2/policy/modules/system/qemu.te 2008-06-22 08:15:43.000000000 -0400
@@ -0,0 +1,79 @@
+policy_module(qemu,1.0.0)
+
+## <desc>
@ -30620,6 +30616,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
+## </desc>
+gen_tunable(allow_qemu_full_network,false)
+
+## <desc>
+## <p>
+## Allow qemu to use nfs file systems
+## </p>
+## </desc>
+gen_tunable(qemu_use_nfs,true)
+
+## <desc>
+## <p>
+## Allow qemu to use cifs/Samba file systems
+## </p>
+## </desc>
+gen_tunable(qemu_use_cifs,true)
+
+########################################
+#
+# Declarations
@ -30649,6 +30659,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
+ corenet_tcp_connect_all_ports(qemu_t)
+')
+
+tunable_policy(`qemu_use_nfs',`
+ fs_manage_nfs_files(qemu_t)
+')
+
+tunable_policy(`qemu_use_cifs',`
+ fs_manage_cifs_dirs(qemu_t)
+')
+
+optional_policy(`
+ xen_rw_image_files(qemu_t)
+')
+
+optional_policy(`
+ xen_rw_image_files(qemu_t)
+')
+
+########################################
+#
+# qemu_unconfined local policy

6
selinux-policy.spec
View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.4.2
Release: 3%{?dist}
Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -375,6 +375,10 @@ exit 0
%endif
%changelog
* Fri Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-4
- allow hplip to talk dbus
- Fix context on ~/.local dir
* Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-3
- Prevent applications from reading x_device