[selinux-policy] MCS fixes quota fixes
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Nov 4 19:27:09 UTC 2011
commit 8f22f8efc50f0d0edb96046e97db53edfe9b5d71
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Nov 4 15:27:05 2011 -0400
MCS fixes
quota fixes
execmem.patch | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
qemu.patch | 2 +-
2 files changed, 53 insertions(+), 1 deletions(-)
---
diff --git a/execmem.patch b/execmem.patch
index 83360b9..637ff4d 100644
--- a/execmem.patch
+++ b/execmem.patch
@@ -367,3 +367,55 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpol
mount_run_fusermount($1_t, $1_r)
mount_read_pid_files($1_t)
')
+diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if~ serefpolicy-3.10.0/policy/modules/system/userdomain.if
+--- serefpolicy-3.10.0/policy/modules/system/userdomain.if~ 2011-11-04 13:31:34.537348883 -0400
++++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-04 15:02:50.404128186 -0400
+@@ -84,7 +84,7 @@ template(`userdom_base_user_template',`
+ ## The user domain
+ ## </summary>
+ ## </param>
+-## <rolebase/>
++>## <rolebase/>
+ #
+ interface(`userdom_ro_home_role',`
+ gen_require(`
+@@ -4705,3 +4705,39 @@ interface(`userdom_rw_unpriv_user_semaph
+
+ allow $1 unpriv_userdomain:sem rw_sem_perms;
+ ')
++
++#######################################
++## <summary>
++## The Interface gives a domain the privs of a unpriv_userdomain
++## </summary>
++## <param name="userdomain">
++## <summary>
++## The user domain
++## </summary>
++## </param>
++#
++template(`userdom_unpriv_user',`
++ gen_require(`
++ attribute unpriv_userdomain;
++ ')
++
++ typeattribute $1 unpriv_userdomain;
++')
++
++#######################################
++## <summary>
++## The Interface gives a domain the privs of a common_userdomain
++## </summary>
++## <param name="userdomain">
++## <summary>
++## The user domain
++## </summary>
++## </param>
++#
++template(`userdom_common_user',`
++ gen_require(`
++ attribute common_userdomain;
++ ')
++
++ typeattribute $1 common_userdomain;
++')
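Review bot: The nested hunk at `@@ -84,7 +84,7` rewrites `## <rolebase/>` as `>## <rolebase/>`, which looks like a stray keystroke rather than an intended change. The line no longer starts with `##`, so it is likely no longer read as a documentation comment and the `>` is left as bare text in userdomain.if. The diff is taken against the editor backup `userdomain.if~`, which suggests the edit was picked up by accident; dropping that sub-hunk would keep the line as `## <rolebase/>`. Separately, `userdom_unpriv_user` and `userdom_common_user` are declared with `template(` although their summaries call them interfaces and they build no names from `$1`, so `interface(` would match `userdom_ro_home_role` shown above. Since `typeattribute $1 unpriv_userdomain;` gives the caller every rule written against that attribute, the summary should say so, e.g. `## Add the domain to the unpriv_userdomain attribute; it then receives every rule granted to that attribute.`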
diff --git a/qemu.patch b/qemu.patch
index 0e53c82..60f58b0 100644
--- a/qemu.patch
+++ b/qemu.patch
@@ -71,7 +71,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.qemu serefpolicy-3.1
allow virt_domain virtd_t:fd use;
dontaudit virt_domain virtd_t:unix_stream_socket { read write };
-+can_exec(virt_t, qemu_exec_t)
++can_exec(virtd_t, qemu_exec_t)
+can_exec(virt_domain, qemu_exec_t)
+
allow virtd_t qemu_var_run_t:file relabel_file_perms;
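Review bot: `can_exec(virtd_t, qemu_exec_t)` lets virtd_t run the qemu binary without a domain transition, so that process keeps virtd_t's permissions, and nothing in the hunk records why this is needed. A short comment above the rule would make the intent reviewable, for example `# virtd_t runs qemu in its own domain (no transition): <state the use case>`. The next line, `can_exec(virt_domain, qemu_exec_t)`, has the same property and could share the comment. The surrounding virt.te block starts and ends outside the hunk, so an existing explanation may sit out of view.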