Archives
Archives
| From: | "Anthony G. Basile (blueness)" <blueness@g.o> |
|---|---|
| To: | gentoo-commits@l.g.o |
| Subject: | [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-qemu/files: fix-apps-qemu.patch |
| Date: | Sat, 05 Feb 2011 20:42:03 |
| Message-Id: | 20110205204104.4FB4520060@flycatcher.gentoo.org |
| 1 | blueness 11/02/05 20:41:04 |
| 2 | |
| 3 | Added: fix-apps-qemu.patch |
| 4 | Log: |
| 5 | Bulk addition of new selinux policies. |
| 6 | |
| 7 | (Portage version: 2.1.9.25/cvs/Linux x86_64) |
| 8 | |
| 9 | Revision Changes Path |
| 10 | 1.1 sec-policy/selinux-qemu/files/fix-apps-qemu.patch |
| 11 | |
| 12 | file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-qemu/files/fix-apps-qemu.patch?rev=1.1&view=markup |
| 13 | plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-qemu/files/fix-apps-qemu.patch?rev=1.1&content-type=text/plain |
| 14 | |
| 15 | Index: fix-apps-qemu.patch |
| 16 | =================================================================== |
| 17 | --- apps/qemu.te 2010-12-13 15:11:01.000000000 +0100 |
| 18 | +++ apps/qemu.te 2011-01-22 21:35:19.555999967 +0100 |
| 19 | @@ -56,6 +56,10 @@ |
| 20 | userdom_search_user_home_content(qemu_t) |
| 21 | userdom_read_user_tmpfs_files(qemu_t) |
| 22 | |
| 23 | +allow qemu_t self:socket create_socket_perms; |
| 24 | + |
| 25 | +kernel_request_load_module(qemu_t) |
| 26 | + |
| 27 | tunable_policy(`qemu_full_network',` |
| 28 | allow qemu_t self:udp_socket create_socket_perms; |
| 29 | |
| 30 | @@ -116,3 +120,7 @@ |
| 31 | allow unconfined_qemu_t self:process { execstack execmem }; |
| 32 | allow unconfined_qemu_t qemu_exec_t:file execmod; |
| 33 | ') |
| 34 | + |
| 35 | +optional_policy(` |
| 36 | + vde_connect(qemu_t) |
| 37 | +') |