[selinux-policy] MCS fixes quota fixes

Daniel J Walsh dwalsh at fedoraproject.org
Fri Nov 4 19:27:09 UTC 2011


commit 8f22f8efc50f0d0edb96046e97db53edfe9b5d71
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Nov 4 15:27:05 2011 -0400

    MCS fixes
    quota fixes

 execmem.patch |   52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 qemu.patch    |    2 +-
 2 files changed, 53 insertions(+), 1 deletions(-)
---
diff --git a/execmem.patch b/execmem.patch
index 83360b9..637ff4d 100644
--- a/execmem.patch
+++ b/execmem.patch
@@ -367,3 +367,55 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpol
  		mount_run_fusermount($1_t, $1_r)
  		mount_read_pid_files($1_t)
  	')
+diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if~ serefpolicy-3.10.0/policy/modules/system/userdomain.if
+--- serefpolicy-3.10.0/policy/modules/system/userdomain.if~	2011-11-04 13:31:34.537348883 -0400
++++ serefpolicy-3.10.0/policy/modules/system/userdomain.if	2011-11-04 15:02:50.404128186 -0400
+@@ -84,7 +84,7 @@ template(`userdom_base_user_template',`
+ ##	The user domain
+ ##	</summary>
+ ## </param>
+-## <rolebase/>
++>## <rolebase/>
+ #
+ interface(`userdom_ro_home_role',`
+ 	gen_require(`
+@@ -4705,3 +4705,39 @@ interface(`userdom_rw_unpriv_user_semaph
+ 
+    allow $1 unpriv_userdomain:sem rw_sem_perms;
+ ')
++
++#######################################
++## <summary>
++##	The Interface gives a domain the privs of a unpriv_userdomain
++## </summary>
++## <param name="userdomain">
++##	<summary>
++##	The user domain
++##	</summary>
++## </param>
++#
++template(`userdom_unpriv_user',`
++	gen_require(`
++		attribute unpriv_userdomain;
++	')
++
++	typeattribute $1 unpriv_userdomain;
++')
++
++#######################################
++## <summary>
++##	The Interface gives a domain the privs of a common_userdomain
++## </summary>
++## <param name="userdomain">
++##	<summary>
++##	The user domain
++##	</summary>
++## </param>
++#
++template(`userdom_common_user',`
++	gen_require(`
++		attribute common_userdomain;
++	')
++
++	typeattribute $1 common_userdomain;
++')
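Review bot: The nested hunk at `@@ -84,7 +84,7 @@` turns `## <rolebase/>` into `>## <rolebase/>`; the leading `>` looks like an editing artifact and takes the line out of the `##` documentation block above `userdom_ro_home_role`, so it should be restored to `## <rolebase/>`. The embedded diff is taken against `userdomain.if~`, which looks like an editor backup file, so the stray character probably came along unintentionally. Separately, the two new templates do nothing but `typeattribute $1 unpriv_userdomain;` / `typeattribute $1 common_userdomain;`, which gives the calling type every rule written against that attribute. Their summaries would be clearer as, for example, `Add the specified type to the unpriv_userdomain attribute, granting it all access allowed to that attribute`. Since neither declares a type, `interface(` rather than `template(` would appear to fit refpolicy convention better.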
diff --git a/qemu.patch b/qemu.patch
index 0e53c82..60f58b0 100644
--- a/qemu.patch
+++ b/qemu.patch
@@ -71,7 +71,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.qemu serefpolicy-3.1
  allow virt_domain virtd_t:fd use;
  dontaudit virt_domain virtd_t:unix_stream_socket { read write };
  
-+can_exec(virt_t, qemu_exec_t)
++can_exec(virtd_t, qemu_exec_t)
 +can_exec(virt_domain, qemu_exec_t)
 +
  allow virtd_t qemu_var_run_t:file relabel_file_perms;
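Review bot: `can_exec(virtd_t, qemu_exec_t)` lets virtd_t execute qemu binaries without a domain transition, so a qemu process started this way keeps virtd_t's access instead of entering a confined domain, and nothing next to the rule says why that is needed. If it is only meant for something like capability probing (an assumption; the rest of virt.te is outside the hunk), state that above the rule, e.g. `# virtd_t execs qemu in its own domain only to probe capabilities`. The commit description ("MCS fixes / quota fixes") does not mention this change either, so a line there would help anyone auditing the policy history.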

