[selinux-policy/f15/master] - staff_r should be allowed to transition to qemu_t - systemd_tmpfiles_t cleans up /var/lib/rpm
Miroslav Grepl
mgrepl at fedoraproject.org
Tue Mar 8 14:24:20 UTC 2011
commit 8ea0a64bbdd435406aeee09d573c756fa65f9704
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Tue Mar 8 15:23:59 2011 +0000
- staff_r should be allowed to transition to qemu_t
- systemd_tmpfiles_t cleans up /var/lib/rpm
policy-F15.patch | 22 +++++++++++++++-------
1 files changed, 15 insertions(+), 7 deletions(-)
---
diff --git a/policy-F15.patch b/policy-F15.patch
index 96ddb3f..d97462d 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -13022,7 +13022,7 @@ index be4de58..cce681a 100644
########################################
#
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
-index 2be17d2..d519104 100644
+index 2be17d2..6898bd0 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -8,12 +8,48 @@ policy_module(staff, 2.2.0)
@@ -13074,7 +13074,7 @@ index 2be17d2..d519104 100644
optional_policy(`
apache_role(staff_r, staff_t)
')
-@@ -27,25 +63,134 @@ optional_policy(`
+@@ -27,25 +63,138 @@ optional_policy(`
')
optional_policy(`
@@ -13146,6 +13146,10 @@ index 2be17d2..d519104 100644
')
optional_policy(`
++ qemu_role(staff_r, staff_t)
++')
++
++optional_policy(`
+ rtkit_scheduled(staff_t)
+')
+
@@ -13211,7 +13215,7 @@ index 2be17d2..d519104 100644
optional_policy(`
vlock_run(staff_t, staff_r)
-@@ -89,10 +234,6 @@ ifndef(`distro_redhat',`
+@@ -89,10 +238,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
@@ -13222,7 +13226,7 @@ index 2be17d2..d519104 100644
gpg_role(staff_r, staff_t)
')
-@@ -137,10 +278,6 @@ ifndef(`distro_redhat',`
+@@ -137,10 +282,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
@@ -13233,7 +13237,7 @@ index 2be17d2..d519104 100644
spamassassin_role(staff_r, staff_t)
')
-@@ -172,3 +309,8 @@ ifndef(`distro_redhat',`
+@@ -172,3 +313,8 @@ ifndef(`distro_redhat',`
wireshark_role(staff_r, staff_t)
')
')
@@ -51287,10 +51291,10 @@ index 0000000..1d17a7b
+')
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
new file mode 100644
-index 0000000..38f7fe1
+index 0000000..23d4b0c
--- /dev/null
+++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,134 @@
+@@ -0,0 +1,138 @@
+
+policy_module(systemd, 1.0.0)
+
@@ -51404,6 +51408,10 @@ index 0000000..38f7fe1
+ auth_rw_login_records(systemd_tmpfiles_t)
+')
+
++optional_policy(`
++ rpm_delete_db(systemd_tmpfiles_t)
++')
++
+########################################
+#
+# systemd_notify local policy
More information about the scm-commits
mailing list