rpms/selinux-policy/devel policy-20071130.patch,1.63,1.64

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Feb 14 20:51:11 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5622

Modified Files:
	policy-20071130.patch 
Log Message:
* Thu Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-6
- Allow udev to send audit messages


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- policy-20071130.patch	14 Feb 2008 20:25:46 -0000	1.63
+++ policy-20071130.patch	14 Feb 2008 20:51:06 -0000	1.64
@@ -21255,7 +21255,7 @@
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.2.7/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/services/xserver.if	2008-02-13 16:57:15.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/services/xserver.if	2008-02-14 15:45:10.000000000 -0500
 @@ -15,6 +15,7 @@
  template(`xserver_common_domain_template',`
  	gen_require(`
@@ -24776,8 +24776,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.2.7/policy/modules/system/qemu.te
 --- nsaserefpolicy/policy/modules/system/qemu.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/system/qemu.te	2008-02-13 16:57:16.000000000 -0500
-@@ -0,0 +1,66 @@
++++ serefpolicy-3.2.7/policy/modules/system/qemu.te	2008-02-14 15:46:36.000000000 -0500
+@@ -0,0 +1,83 @@
 +policy_module(qemu,1.0.0)
 +
 +########################################
@@ -24807,6 +24807,7 @@
 +## internal communication is often done using fifo and unix sockets.
 +allow qemu_t self:fifo_file rw_file_perms;
 +allow qemu_t self:unix_stream_socket create_stream_socket_perms;
++allow qemu_t self:shm create_shm_perms;
 +
 +corenet_all_recvfrom_unlabeled(qemu_t)
 +corenet_all_recvfrom_netlabel(qemu_t)
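Review bot: The log message for this revision records only "Allow udev to send audit messages", but the line added here, `allow qemu_t self:shm create_shm_perms;`, and the additions in the later qemu.te hunks all widen what qemu_t may do, and no udev rule is visible in this diff. For a policy package the changelog is the audit trail for permission grants, so I would add an entry along the lines of `- Allow qemu to use shared memory, tmpfs files and the local X server`. The udev change may sit in a part of the commit that this page does not show.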
@@ -24817,8 +24818,7 @@
 +corenet_tcp_bind_vnc_port(qemu_t)
 +corenet_rw_tun_tap_dev(qemu_t)
 +
-+virt_manage_image(qemu_t)
-+virt_read_config(qemu_t)
++kernel_read_system_state(qemu_t)
 +
 +dev_rw_kvm(qemu_t)
 +
@@ -24828,6 +24828,7 @@
 +files_search_all(qemu_t)
 +
 +fs_rw_anon_inodefs_files(qemu_t)
++fs_rw_tmpfs_files(qemu_t)
 +
 +storage_raw_write_removable_device(qemu_t)
 +storage_raw_read_removable_device(qemu_t)
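Review bot: `fs_rw_tmpfs_files(qemu_t)` grants read/write on every file carrying the generic tmpfs type, not only on objects qemu creates itself, so anything another domain leaves under that label becomes reachable from the emulator domain. Read together with `allow qemu_t self:shm create_shm_perms;` in the earlier hunk, the intent looks like qemu's own shared memory. If so, a private type would express it more tightly: declare a qemu-owned tmpfs type, mark it with `files_tmpfs_file()`, add an `fs_tmpfs_filetrans()` rule so objects qemu creates receive that type, and grant rw on that type only. If the generic access really is required, for example for segments created by another domain, a comment naming that consumer would make the grant reviewable. The qemu.te rules continue outside this hunk.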
@@ -24841,8 +24842,24 @@
 +
 +miscfiles_read_localization(qemu_t)
 +
-+allow qemu_unconfined_t self:process { execstack execmem };
++sysnet_read_config(qemu_t)
++
++virt_manage_image(qemu_t)
++virt_read_config(qemu_t)
++
++optional_policy(`
++	xserver_stream_connect_xdm_xserver(qemu_t)
++	xserver_read_xdm_tmp_files(qemu_t)
++	xserver_xdm_rw_shm(qemu_t)
++')
++
++########################################
++#
++# qemu_unconfined local policy
++#
++
 +unconfined_domain_noaudit(qemu_unconfined_t)
++allow qemu_unconfined_t self:process { execstack execmem };
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.2.7/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2007-12-19 05:32:17.000000000 -0500
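Review bot: The new `optional_policy` block lets the confined qemu_t domain connect to the xdm-started X server, read xdm's temporary files and read/write its shared memory, with no comment saying why and no switch to turn it off. X clients on one display are not isolated from each other, so this noticeably widens what a misbehaving emulator process can reach, and a VNC-only setup presumably does not need it, since `corenet_tcp_bind_vnc_port(qemu_t)` is already granted earlier in the file. I would add a comment stating the reason, for instance `# needed when qemu draws its window on the local X display` if that is the case, and consider placing the three calls under a `tunable_policy` boolean that defaults to off. The relocated `allow qemu_unconfined_t self:process { execstack execmem };` is unchanged apart from its position under the new section header.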



