[selinux-policy/f15/master] - staff_r should be allowed to transition to qemu_t - systemd_tmpfiles_t cleans up /var/lib/rpm

Miroslav Grepl mgrepl at fedoraproject.org
Tue Mar 8 14:24:20 UTC 2011 

commit 8ea0a64bbdd435406aeee09d573c756fa65f9704
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Tue Mar 8 15:23:59 2011 +0000

    - staff_r should be allowed to transition to qemu_t
    - systemd_tmpfiles_t cleans up /var/lib/rpm

 policy-F15.patch |   22 +++++++++++++++-------
 1 files changed, 15 insertions(+), 7 deletions(-)
---
diff --git a/policy-F15.patch b/policy-F15.patch
index 96ddb3f..d97462d 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -13022,7 +13022,7 @@ index be4de58..cce681a 100644
  ########################################
  #
 diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
-index 2be17d2..d519104 100644
+index 2be17d2..6898bd0 100644
 --- a/policy/modules/roles/staff.te
 +++ b/policy/modules/roles/staff.te
 @@ -8,12 +8,48 @@ policy_module(staff, 2.2.0)
@@ -13074,7 +13074,7 @@ index 2be17d2..d519104 100644
  optional_policy(`
  	apache_role(staff_r, staff_t)
  ')
-@@ -27,25 +63,134 @@ optional_policy(`
+@@ -27,25 +63,138 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -13146,6 +13146,10 @@ index 2be17d2..d519104 100644
  ')
  
  optional_policy(`
++	qemu_role(staff_r, staff_t)
++')
++
++optional_policy(`
 +	rtkit_scheduled(staff_t)
 +')
 +
@@ -13211,7 +13215,7 @@ index 2be17d2..d519104 100644
  
  optional_policy(`
  	vlock_run(staff_t, staff_r)
-@@ -89,10 +234,6 @@ ifndef(`distro_redhat',`
+@@ -89,10 +238,6 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -13222,7 +13226,7 @@ index 2be17d2..d519104 100644
  		gpg_role(staff_r, staff_t)
  	')
  
-@@ -137,10 +278,6 @@ ifndef(`distro_redhat',`
+@@ -137,10 +282,6 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -13233,7 +13237,7 @@ index 2be17d2..d519104 100644
  		spamassassin_role(staff_r, staff_t)
  	')
  
-@@ -172,3 +309,8 @@ ifndef(`distro_redhat',`
+@@ -172,3 +313,8 @@ ifndef(`distro_redhat',`
  		wireshark_role(staff_r, staff_t)
  	')
  ')
@@ -51287,10 +51291,10 @@ index 0000000..1d17a7b
 +')
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
 new file mode 100644
-index 0000000..38f7fe1
+index 0000000..23d4b0c
 --- /dev/null
 +++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,134 @@
+@@ -0,0 +1,138 @@
 +
 +policy_module(systemd, 1.0.0)
 +
@@ -51404,6 +51408,10 @@ index 0000000..38f7fe1
 +    auth_rw_login_records(systemd_tmpfiles_t)
 +')
 +
++optional_policy(`
++	rpm_delete_db(systemd_tmpfiles_t)
++')
++
 +########################################
 +#
 +# systemd_notify local policy

More information about the scm-commits mailing list