[selinux-policy: 2405/3172] Xguest patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:33:27 UTC 2010
commit c06a4452e2f6bd4dff1cc6a4f5d6ebae6a9cb51a
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Feb 17 09:23:17 2010 -0500
Xguest patch from Dan Walsh.
policy/modules/roles/xguest.te | 18 +++++++++++++++++-
1 files changed, 17 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/roles/xguest.te b/policy/modules/roles/xguest.te
index 19f531d..26e4db5 100644
--- a/policy/modules/roles/xguest.te
+++ b/policy/modules/roles/xguest.te
@@ -1,5 +1,5 @@
-policy_module(xguest, 1.0.0)
+policy_module(xguest, 1.0.1)
########################################
#
@@ -36,6 +36,20 @@ userdom_restricted_xwindows_user_template(xguest)
# Local policy
#
+ifndef(`enable_mls',`
+ fs_exec_noxattr(xguest_t)
+
+ tunable_policy(`user_rw_noexattrfile',`
+ fs_manage_noxattr_fs_files(xguest_t)
+ fs_manage_noxattr_fs_dirs(xguest_t)
+ # Write floppies
+ storage_raw_read_removable_device(xguest_t)
+ storage_raw_write_removable_device(xguest_t)
+ ',`
+ storage_raw_read_removable_device(xguest_t)
+ ')
+')
+
# Allow mounting of file systems
optional_policy(`
tunable_policy(`xguest_mount_media',`
@@ -77,6 +91,8 @@ optional_policy(`
optional_policy(`
tunable_policy(`xguest_connect_network',`
networkmanager_dbus_chat(xguest_t)
+ corenet_tcp_connect_pulseaudio_port(xguest_t)
+ corenet_tcp_connect_ipp_port(xguest_t)
')
')
More information about the scm-commits
mailing list