From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 535D0138010 for ; Tue, 30 Oct 2012 19:20:23 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7848AE06F3; Tue, 30 Oct 2012 19:20:03 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id C2271E06EE for ; Tue, 30 Oct 2012 19:20:02 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 96D7333D8A8 for ; Tue, 30 Oct 2012 19:20:01 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 2E793E543D for ; Tue, 30 Oct 2012 19:20:00 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1351624630.a66c53c108ac486dc047bed213581906c0bacda6.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/virt.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: a66c53c108ac486dc047bed213581906c0bacda6 X-VCS-Branch: master Date: Tue, 30 Oct 2012 19:20:00 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: fcc16f89-c3d5-49f4-81d5-f04e220ec1a6 X-Archives-Hash: e5577bfaad1510c5917722f8d685ce9e commit: a66c53c108ac486dc047bed213581906c0bacda6 Author: Dominick Grift gmail com> AuthorDate: Tue Oct 30 18:57:54 2012 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Tue Oct 30 19:17:10 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a66c53c1 Changes to the virt policy module These are now available Signed-off-by: Dominick Grift gmail.com> --- policy/modules/contrib/virt.te | 24 ++++++++++++------------ 1 files changed, 12 insertions(+), 12 deletions(-) diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te index 7bfe3f9..549125e 100644 --- a/policy/modules/contrib/virt.te +++ b/policy/modules/contrib/virt.te @@ -1,4 +1,4 @@ -policy_module(virt, 1.5.9) +policy_module(virt, 1.6.0) ######################################## # @@ -619,7 +619,7 @@ seutil_read_config(virtd_t) seutil_read_default_contexts(virtd_t) seutil_read_file_contexts(virtd_t) -# sysnet_signull_ifconfig(virtd_t) +sysnet_signull_ifconfig(virtd_t) sysnet_signal_ifconfig(virtd_t) sysnet_domtrans_ifconfig(virtd_t) @@ -941,11 +941,11 @@ dev_read_urand(virtd_lxc_t) domain_use_interactive_fds(virtd_lxc_t) -# files_associate_rootfs(svirt_lxc_file_t) +files_associate_rootfs(svirt_lxc_file_t) files_search_all(virtd_lxc_t) files_getattr_all_files(virtd_lxc_t) files_read_usr_files(virtd_lxc_t) -# files_relabel_rootfs(virtd_lxc_t) +files_relabel_rootfs(virtd_lxc_t) files_mounton_non_security(virtd_lxc_t) files_mount_all_file_type_fs(virtd_lxc_t) files_unmount_all_file_type_fs(virtd_lxc_t) @@ -957,11 +957,11 @@ fs_manage_tmpfs_dirs(virtd_lxc_t) fs_manage_tmpfs_chr_files(virtd_lxc_t) fs_manage_tmpfs_symlinks(virtd_lxc_t) fs_manage_cgroup_dirs(virtd_lxc_t) -# fs_mounton_tmpfs(virtd_lxc_t) +fs_mounton_tmpfs(virtd_lxc_t) fs_remount_all_fs(virtd_lxc_t) fs_rw_cgroup_files(virtd_lxc_t) fs_unmount_all_fs(virtd_lxc_t) -# fs_relabelfrom_tmpfs(virtd_lxc_t) +fs_relabelfrom_tmpfs(virtd_lxc_t) selinux_mount_fs(virtd_lxc_t) selinux_unmount_fs(virtd_lxc_t) @@ -975,7 +975,7 @@ selinux_compute_user_contexts(virtd_lxc_t) term_use_generic_ptys(virtd_lxc_t) term_use_ptmx(virtd_lxc_t) -# term_relabel_pty_fs(virtd_lxc_t) +term_relabel_pty_fs(virtd_lxc_t) auth_use_nsswitch(virtd_lxc_t) @@ -1045,7 +1045,7 @@ files_dontaudit_getattr_all_symlinks(svirt_lxc_domain) files_dontaudit_getattr_all_pipes(svirt_lxc_domain) files_dontaudit_getattr_all_sockets(svirt_lxc_domain) files_dontaudit_list_all_mountpoints(svirt_lxc_domain) -# files_dontaudit_write_etc_runtime_files(svirt_lxc_domain) +files_dontaudit_write_etc_runtime_files(svirt_lxc_domain) # files_entrypoint_all_files(svirt_lxc_domain) files_list_var(svirt_lxc_domain) files_list_var_lib(svirt_lxc_domain) @@ -1065,7 +1065,7 @@ auth_dontaudit_read_login_records(svirt_lxc_domain) auth_dontaudit_write_login_records(svirt_lxc_domain) auth_search_pam_console_data(svirt_lxc_domain) -# clock_read_adjtime(svirt_lxc_domain) +clock_read_adjtime(svirt_lxc_domain) init_read_utmp(svirt_lxc_domain) init_dontaudit_write_utmp(svirt_lxc_domain) @@ -1078,9 +1078,9 @@ miscfiles_read_fonts(svirt_lxc_domain) mta_dontaudit_read_spool_symlinks(svirt_lxc_domain) -# optional_policy(` -# udev_read_pid_files(svirt_lxc_domain) -# ') +optional_policy(` + udev_read_pid_files(svirt_lxc_domain) +') optional_policy(` apache_exec_modules(svirt_lxc_domain)