[selinux-policy/f17] Fix virt merge issue

Miroslav Grepl mgrepl at fedoraproject.org
Fri Dec 14 22:47:01 UTC 2012


commit e41a9bfe7b2ddeefd6097a8ecc637cd4f227c6b0
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Fri Dec 14 23:45:17 2012 +0100

    Fix virt merge issue

 policy-F16.patch |   78 ++++++++++++++++++++++++++++-------------------------
 1 files changed, 41 insertions(+), 37 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index c2efa7d..7f48ebb 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -143529,7 +143529,7 @@ index 7c5d8d8..6917f32 100644
 +	files_pid_filetrans($1, virt_lxc_var_run_t, dir, "libvirt-sandbox")
  ')
 diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
-index 3eca020..f431ff2 100644
+index 3eca020..d185867 100644
 --- a/policy/modules/services/virt.te
 +++ b/policy/modules/services/virt.te
 @@ -1,60 +1,91 @@
@@ -143599,15 +143599,15 @@ index 3eca020..f431ff2 100644
 +gen_tunable(virt_use_sanlock, false)
 +
 +## <desc>
-+## <p>
+ ## <p>
+-## Allow virt to use usb devices
 +## Allow confined virtual guests to interact with the xserver
 +## </p>
 +## </desc>
 +gen_tunable(virt_use_xserver, false)
 +
 +## <desc>
- ## <p>
--## Allow virt to use usb devices
++## <p>
 +## Allow confined virtual guests to use usb devices
  ## </p>
  ## </desc>
@@ -143633,7 +143633,7 @@ index 3eca020..f431ff2 100644
  
  type virt_etc_t;
  files_config_file(virt_etc_t)
-@@ -62,33 +93,49 @@ files_config_file(virt_etc_t)
+@@ -62,23 +93,48 @@ files_config_file(virt_etc_t)
  type virt_etc_rw_t;
  files_type(virt_etc_rw_t)
  
@@ -143669,27 +143669,31 @@ index 3eca020..f431ff2 100644
  type virt_var_lib_t;
 -files_type(virt_var_lib_t)
 +files_mountpoint(virt_var_lib_t)
- 
--type virtd_t;
--type virtd_exec_t;
--init_daemon_domain(virtd_t, virtd_exec_t)
--domain_obj_id_change_exemption(virtd_t)
--domain_subj_id_change_exemption(virtd_t)
++
 +virt_domain_template(svirt_tcg)
 +role system_r types svirt_tcg_t;
- 
- type virtd_initrc_exec_t;
- init_script_file(virtd_initrc_exec_t)
- 
++
++type virtd_initrc_exec_t;
++init_script_file(virtd_initrc_exec_t)
++
 +type qemu_var_run_t;
 +typealias qemu_var_run_t alias svirt_var_run_t;
 +files_pid_file(qemu_var_run_t)
 +mls_trusted_object(qemu_var_run_t)
-+
+ 
+ type virtd_t;
+ type virtd_exec_t;
+@@ -86,9 +142,6 @@ init_daemon_domain(virtd_t, virtd_exec_t)
+ domain_obj_id_change_exemption(virtd_t)
+ domain_subj_id_change_exemption(virtd_t)
+ 
+-type virtd_initrc_exec_t;
+-init_script_file(virtd_initrc_exec_t)
+-
  ifdef(`enable_mcs',`
  	init_ranged_daemon_domain(virtd_t, virtd_exec_t, s0 - mcs_systemhigh)
  ')
-@@ -97,6 +144,35 @@ ifdef(`enable_mls',`
+@@ -97,6 +150,35 @@ ifdef(`enable_mls',`
  	init_ranged_daemon_domain(virtd_t, virtd_exec_t, s0 - mls_systemhigh)
  ')
  
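Review bot: The regenerated virt.te section now carries what looks like a pure reorder: `type virtd_initrc_exec_t;` and `init_script_file(virtd_initrc_exec_t)` are added ahead of the `qemu_var_run_t` block and removed again in the new inner hunk `@@ -86,9 +142,6 @@`. Moving a declaration should not change the compiled policy, but it widens the carried patch's delta against upstream; leaving the declaration after the `virtd_t` block would drop that extra inner hunk and make the next rebase less likely to hit the same merge problem. Separately, the old patch text removed `type virtd_t;`, `type virtd_exec_t;`, `init_daemon_domain(virtd_t, virtd_exec_t)` and the two `domain_*_id_change_exemption(virtd_t)` lines, while the new text keeps them as context. The rest of the inner virt.te patch lies outside this hunk, so it is worth confirming (for example with `sediff` on the policies built before and after) that the only net change is that restoration and that no second `type virtd_t;` is still added further down.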
@@ -143725,7 +143729,7 @@ index 3eca020..f431ff2 100644
  ########################################
  #
  # svirt local policy
-@@ -104,15 +180,12 @@ ifdef(`enable_mls',`
+@@ -104,15 +186,12 @@ ifdef(`enable_mls',`
  
  allow svirt_t self:udp_socket create_socket_perms;
  
@@ -143742,7 +143746,7 @@ index 3eca020..f431ff2 100644
  fs_hugetlbfs_filetrans(svirt_t, svirt_image_t, file)
  
  list_dirs_pattern(svirt_t, virt_content_t, virt_content_t)
-@@ -130,9 +203,17 @@ corenet_tcp_connect_all_ports(svirt_t)
+@@ -130,9 +209,17 @@ corenet_tcp_connect_all_ports(svirt_t)
  
  dev_list_sysfs(svirt_t)
  
@@ -143760,7 +143764,7 @@ index 3eca020..f431ff2 100644
  
  tunable_policy(`virt_use_comm',`
  	term_use_unallocated_ttys(svirt_t)
-@@ -140,18 +221,26 @@ tunable_policy(`virt_use_comm',`
+@@ -140,18 +227,26 @@ tunable_policy(`virt_use_comm',`
  ')
  
  tunable_policy(`virt_use_fusefs',`
@@ -143788,7 +143792,7 @@ index 3eca020..f431ff2 100644
  ')
  
  tunable_policy(`virt_use_sysfs',`
-@@ -160,11 +249,28 @@ tunable_policy(`virt_use_sysfs',`
+@@ -160,11 +255,28 @@ tunable_policy(`virt_use_sysfs',`
  
  tunable_policy(`virt_use_usb',`
  	dev_rw_usbfs(svirt_t)
@@ -143817,7 +143821,7 @@ index 3eca020..f431ff2 100644
  	xen_rw_image_files(svirt_t)
  ')
  
-@@ -173,22 +279,41 @@ optional_policy(`
+@@ -173,22 +285,41 @@ optional_policy(`
  # virtd local policy
  #
  
@@ -143866,7 +143870,7 @@ index 3eca020..f431ff2 100644
  
  read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
  read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
-@@ -199,14 +324,28 @@ manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
+@@ -199,14 +330,28 @@ manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
  filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
  
  manage_files_pattern(virtd_t, virt_image_type, virt_image_type)
@@ -143897,7 +143901,7 @@ index 3eca020..f431ff2 100644
  manage_dirs_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
  manage_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
  manage_sock_files_pattern(virtd_t, virt_var_lib_t, virt_var_lib_t)
-@@ -217,9 +356,15 @@ manage_files_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
+@@ -217,9 +362,15 @@ manage_files_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
  manage_sock_files_pattern(virtd_t, virt_var_run_t, virt_var_run_t)
  files_pid_filetrans(virtd_t, virt_var_run_t, { file dir })
  
@@ -143913,7 +143917,7 @@ index 3eca020..f431ff2 100644
  kernel_request_load_module(virtd_t)
  kernel_search_debugfs(virtd_t)
  
-@@ -239,22 +384,32 @@ corenet_tcp_connect_soundd_port(virtd_t)
+@@ -239,22 +390,32 @@ corenet_tcp_connect_soundd_port(virtd_t)
  corenet_rw_tun_tap_dev(virtd_t)
  
  dev_rw_sysfs(virtd_t)
@@ -143947,7 +143951,7 @@ index 3eca020..f431ff2 100644
  
  fs_list_auto_mountpoints(virtd_t)
  fs_getattr_xattr_fs(virtd_t)
-@@ -262,6 +417,18 @@ fs_rw_anon_inodefs_files(virtd_t)
+@@ -262,6 +423,18 @@ fs_rw_anon_inodefs_files(virtd_t)
  fs_list_inotifyfs(virtd_t)
  fs_manage_cgroup_dirs(virtd_t)
  fs_rw_cgroup_files(virtd_t)
@@ -143966,7 +143970,7 @@ index 3eca020..f431ff2 100644
  
  mcs_process_set_categories(virtd_t)
  
-@@ -276,6 +443,8 @@ term_use_ptmx(virtd_t)
+@@ -276,6 +449,8 @@ term_use_ptmx(virtd_t)
  
  auth_use_nsswitch(virtd_t)
  
@@ -143975,7 +143979,7 @@ index 3eca020..f431ff2 100644
  miscfiles_read_localization(virtd_t)
  miscfiles_read_generic_certs(virtd_t)
  miscfiles_read_hwdata(virtd_t)
-@@ -285,16 +454,32 @@ modutils_read_module_config(virtd_t)
+@@ -285,16 +460,32 @@ modutils_read_module_config(virtd_t)
  modutils_manage_module_config(virtd_t)
  
  logging_send_syslog_msg(virtd_t)
@@ -144008,7 +144012,7 @@ index 3eca020..f431ff2 100644
  
  tunable_policy(`virt_use_nfs',`
  	fs_manage_nfs_dirs(virtd_t)
-@@ -313,6 +498,10 @@ optional_policy(`
+@@ -313,6 +504,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -144019,7 +144023,7 @@ index 3eca020..f431ff2 100644
  	dbus_system_bus_client(virtd_t)
  
  	optional_policy(`
-@@ -326,19 +515,34 @@ optional_policy(`
+@@ -326,19 +521,34 @@ optional_policy(`
  	optional_policy(`
  		hal_dbus_chat(virtd_t)
  	')
@@ -144055,7 +144059,7 @@ index 3eca020..f431ff2 100644
  
  	# Manages /etc/sysconfig/system-config-firewall
  	iptables_manage_config(virtd_t)
-@@ -353,6 +557,12 @@ optional_policy(`
+@@ -353,6 +563,12 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -144068,7 +144072,7 @@ index 3eca020..f431ff2 100644
  	policykit_dbus_chat(virtd_t)
  	policykit_domtrans_auth(virtd_t)
  	policykit_domtrans_resolve(virtd_t)
-@@ -360,11 +570,11 @@ optional_policy(`
+@@ -360,11 +576,11 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -144085,7 +144089,7 @@ index 3eca020..f431ff2 100644
  ')
  
  optional_policy(`
-@@ -375,6 +585,7 @@ optional_policy(`
+@@ -375,6 +591,7 @@ optional_policy(`
  	kernel_read_xen_state(virtd_t)
  	kernel_write_xen_state(virtd_t)
  
@@ -144093,7 +144097,7 @@ index 3eca020..f431ff2 100644
  	xen_stream_connect(virtd_t)
  	xen_stream_connect_xenstore(virtd_t)
  	xen_read_image_files(virtd_t)
-@@ -394,20 +605,36 @@ optional_policy(`
+@@ -394,20 +611,36 @@ optional_policy(`
  # virtual domains common policy
  #
  
@@ -144133,7 +144137,7 @@ index 3eca020..f431ff2 100644
  corecmd_exec_bin(virt_domain)
  corecmd_exec_shell(virt_domain)
  
-@@ -418,10 +645,12 @@ corenet_tcp_sendrecv_generic_node(virt_domain)
+@@ -418,10 +651,12 @@ corenet_tcp_sendrecv_generic_node(virt_domain)
  corenet_tcp_sendrecv_all_ports(virt_domain)
  corenet_tcp_bind_generic_node(virt_domain)
  corenet_tcp_bind_vnc_port(virt_domain)
@@ -144147,7 +144151,7 @@ index 3eca020..f431ff2 100644
  dev_read_rand(virt_domain)
  dev_read_sound(virt_domain)
  dev_read_urand(virt_domain)
-@@ -429,10 +658,12 @@ dev_write_sound(virt_domain)
+@@ -429,10 +664,12 @@ dev_write_sound(virt_domain)
  dev_rw_ksm(virt_domain)
  dev_rw_kvm(virt_domain)
  dev_rw_qemu(virt_domain)
@@ -144160,7 +144164,7 @@ index 3eca020..f431ff2 100644
  files_read_usr_files(virt_domain)
  files_read_var_files(virt_domain)
  files_search_all(virt_domain)
-@@ -440,25 +671,452 @@ files_search_all(virt_domain)
+@@ -440,25 +677,452 @@ files_search_all(virt_domain)
  fs_getattr_tmpfs(virt_domain)
  fs_rw_anon_inodefs_files(virt_domain)
  fs_rw_tmpfs_files(virt_domain)

