From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1379917605.9c2fcb4cc9c84006d9cb99e67d2ecf56570ea440.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:merge commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/virt.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 9c2fcb4cc9c84006d9cb99e67d2ecf56570ea440 X-VCS-Branch: merge Date: Mon, 23 Sep 2013 06:29:25 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 58941755-8890-4e73-98b2-0f58011dd087 X-Archives-Hash: 9fcbde65852130026d5160eec894eb23 Message-ID: <20130923062925.TagGkLXUdPIHqdHqKPLQ9r2z3Rj2pFZ_Akx3LyaD8Jg@z> commit: 9c2fcb4cc9c84006d9cb99e67d2ecf56570ea440 Author: Miroslav Grepl redhat com> AuthorDate: Fri Aug 23 08:14:08 2013 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Mon Sep 23 06:26:45 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9c2fcb4c Allow virtd to relabel unix stream socket --- policy/modules/contrib/virt.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te index 65ede42..3f48d7f 100644 --- a/policy/modules/contrib/virt.te +++ b/policy/modules/contrib/virt.te 
@@ -418,7 +418,7 @@ corenet_tcp_connect_all_ports(svirt_t) allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setpcap setuid setgid sys_admin sys_nice }; allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched }; allow virtd_t self:fifo_file { manage_fifo_file_perms relabelfrom relabelto }; -allow virtd_t self:unix_stream_socket { accept connectto listen }; +allow virtd_t self:unix_stream_socket { accept connectto listen relabelfrom relabelto }; allow virtd_t self:tcp_socket { accept listen }; allow virtd_t self:tun_socket { create_socket_perms relabelfrom relabelto }; allow virtd_t self:rawip_socket create_socket_perms;
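Review bot: The commit message for the changed `allow virtd_t self:unix_stream_socket` line gives no reason for adding `relabelfrom relabelto`. Please note in the message, or in a comment above the rule, which virtd operation or AVC denial needs the new permissions, so the grant can be re-audited later. Because the target is `self`, the rule only covers sockets labeled `virtd_t` on both sides of the relabel. If the goal is to move a socket to or from another label, such as a guest domain's, that needs a matching rule on that type, which is not in this hunk. The form itself is consistent with the neighbouring `fifo_file` and `tun_socket` rules, which already carry `relabelfrom relabelto` on `self`.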