rpms/selinux-policy/devel policy-20090105.patch,1.36,1.37

Daniel J Walsh dwalsh at fedoraproject.org
Mon Feb 9 14:23:24 UTC 2009 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16295

Modified Files:
	policy-20090105.patch 
Log Message:
* Sun Feb 8 2009 Dan Walsh <dwalsh at redhat.com> 3.6.4-5
- Allow xdm to create user_tmp_t sockets for switch user to work


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- policy-20090105.patch	9 Feb 2009 14:20:38 -0000	1.36
+++ policy-20090105.patch	9 Feb 2009 14:23:24 -0000	1.37
@@ -3430,12 +3430,14 @@
  dbus_system_bus_client(podsleuth_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.4/policy/modules/apps/qemu.fc
 --- nsaserefpolicy/policy/modules/apps/qemu.fc	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.4/policy/modules/apps/qemu.fc	2009-02-03 22:57:29.000000000 -0500
-@@ -1,2 +1,4 @@
++++ serefpolicy-3.6.4/policy/modules/apps/qemu.fc	2009-02-09 09:21:47.000000000 -0500
+@@ -1,2 +1,6 @@
  /usr/bin/qemu	--	gen_context(system_u:object_r:qemu_exec_t,s0)
  /usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
 +
 +/var/cache/libvirt(/.*)? -- gen_context(system_u:object_r:qemu_cache_t,s0)
++
++/var/run/libvirt/qemu(/.*)? -- gen_context(system_u:object_r:qemu_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.4/policy/modules/apps/qemu.if
 --- nsaserefpolicy/policy/modules/apps/qemu.if	2009-01-19 11:03:28.000000000 -0500
 +++ serefpolicy-3.6.4/policy/modules/apps/qemu.if	2009-02-03 22:57:29.000000000 -0500
@@ -3764,7 +3766,7 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.4/policy/modules/apps/qemu.te
 --- nsaserefpolicy/policy/modules/apps/qemu.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.4/policy/modules/apps/qemu.te	2009-02-03 22:57:29.000000000 -0500
++++ serefpolicy-3.6.4/policy/modules/apps/qemu.te	2009-02-09 09:22:15.000000000 -0500
 @@ -6,6 +6,8 @@
  # Declarations
  #
@@ -3774,7 +3776,7 @@
  ## <desc>
  ## <p>
  ## Allow qemu to connect fully to the network
-@@ -13,28 +15,154 @@
+@@ -13,28 +15,160 @@
  ## </desc>
  gen_tunable(qemu_full_network, false)
  
@@ -3807,6 +3809,9 @@
 +type qemu_cache_t;
 +files_type(qemu_cache_t)
 +
++type qemu_var_run_t;
++files_pid_file(qemu_var_run_t)
++
 +########################################
 +#
 +# qemu common policy
@@ -3823,6 +3828,9 @@
 +manage_files_pattern(qemu_t, qemu_cache_t, qemu_cache_t)
 +files_var_filetrans(qemu_t, qemu_cache_t, { file dir })
 +
++manage_files_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t)
++files_pid_filetrans(qemu_t, qemu_var_run_t, file)
++
 +kernel_read_system_state(qemutype)
 +
 +corenet_all_recvfrom_unlabeled(qemutype)

More information about the scm-commits mailing list