]> git.ipfire.org Git - people/stevee/selinux-policy.git/commitdiff
projects / people / stevee / selinux-policy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9b087ff)
Allow logrotate_t to read symbolic links with the logrotate_var_lib_t label. One...
authorDan Walsh <dwalsh@redhat.com>
Tue, 12 Jul 2011 18:34:16 +0000 (14:34 -0400)
committerDan Walsh <dwalsh@redhat.com>
Tue, 12 Jul 2011 18:34:16 +0000 (14:34 -0400)
policy/modules/admin/logrotate.te patch | blob | blame | history
policy/modules/services/virt.if patch | blob | blame | history
policy/modules/services/virt.te patch | blob | blame | history

diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index ee8eaf6bb7938fa531fb854e2d7731554a00a371..6eac7b93e461683e10a701f0a4a139605d8f6a40 100644 (file)
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -61,6 +61,7 @@ files_tmp_filetrans(logrotate_t, logrotate_tmp_t, { file dir })
 # for /var/lib/logrotate.status and /var/lib/logcheck
 create_dirs_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
 manage_files_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
+read_lnk_files_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
 files_var_lib_filetrans(logrotate_t, logrotate_var_lib_t, file)
 
 kernel_read_system_state(logrotate_t)
diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
index 5c0a7a4d7213c808117396f539be87418ebde27d..411edf394f01d14efab09a7980577e5c57a5000f 100644 (file)
--- a/policy/modules/services/virt.if
+++ b/policy/modules/services/virt.if
@@ -15,6 +15,7 @@ template(`virt_domain_template',`
        gen_require(`
                attribute virt_image_type, virt_domain;
                attribute virt_tmpfs_type;
+               attribute virt_ptynode;
        ')
 
        type $1_t, virt_domain;
@@ -24,7 +25,7 @@ template(`virt_domain_template',`
        mcs_untrusted_proc($1_t)
        role system_r types $1_t;
 
-       type $1_devpts_t;
+       type $1_devpts_t, virt_ptynode;
        term_pty($1_devpts_t)
 
        type $1_tmp_t;
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index 4dec4ad2325d40bdbb79bbf12eae6d4e959e1a0f..26cd637f2e052ce0bb48f088bcc713f970b96292 100644 (file)
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -6,6 +6,7 @@ policy_module(virt, 1.4.0)
 #
 
 attribute virsh_transition_domain;
+attribute virt_ptynode;
 
 ## <desc>
 ##     <p>
@@ -253,6 +254,7 @@ manage_blk_files_pattern(virtd_t, virt_image_type, virt_image_type)
 manage_lnk_files_pattern(virtd_t, virt_image_type, virt_image_type)
 allow virtd_t virt_image_type:file relabel_file_perms;
 allow virtd_t virt_image_type:blk_file relabel_blk_file_perms;
+allow virtd_t virt_ptynode:chr_file { read write };
 
 manage_dirs_pattern(virtd_t, virt_tmp_t, virt_tmp_t)
 manage_files_pattern(virtd_t, virt_tmp_t, virt_tmp_t)
The IPFire selinux policy.