Remove module for gnome.
[people/stevee/selinux-policy.git] / policy / modules / roles / xguest.te
index 06b0e487944ebcc8543fa9154b5c1362bfaeb9bd..014350ed06d09c6c362086c4a49ff4c50cbfeb59 100644 (file)
@@ -48,10 +48,12 @@ ifndef(`enable_mls',`
                storage_raw_read_removable_device(xguest_t)
        ')
 ')
-# Dontaudit fusermount
-mount_dontaudit_exec_fusermount(xguest_t)
 
-allow xguest_t self:process execmem;
+optional_policy(`
+       # Dontaudit fusermount
+       mount_dontaudit_exec_fusermount(xguest_t)
+')
+
 kernel_dontaudit_request_load_module(xguest_t)
 
 tunable_policy(`allow_execstack',`
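Review bot: The comment `# Dontaudit fusermount` inside the new optional_policy block only restates the interface name and gives no reason for hiding the denial. A dontaudit rule leaves the access denied but keeps it out of the audit log, so anyone triaging a confined guest session loses that signal. Assuming no allow rule for it exists elsewhere, something like `# xguest_t is not meant to run fusermount; silence the expected AVC denial` would record the intent. The hunk also drops `allow xguest_t self:process execmem;`, which tightens the guest domain but is not covered by the commit title; the allow_execstack tunable block that follows continues outside the hunk, so whether execmem is still reachable through it cannot be judged from here.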
@@ -84,10 +86,11 @@ optional_policy(`
 ')
 
 optional_policy(`
-       chrome_role(xguest_r, xguest_usertype)
+       tunable_policy(`xguest_use_bluetooth',`
+               blueman_dbus_chat(xguest_t)
+       ')
 ')
 
-
 optional_policy(`
        hal_dbus_chat(xguest_t)
 ')
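Review bot: The boolean `xguest_use_bluetooth` tested in the new tunable_policy block is not declared in this hunk, so the module only builds if a matching gen_tunable exists elsewhere in xguest.te. Its default is worth confirming as well, because with the boolean on the guest domain may exchange D-Bus messages with blueman. A short comment above the call, for example `# Allow the guest session to talk to blueman over D-Bus when bluetooth use is enabled`, would document the grant. The first optional_policy block at the top of the hunk starts outside it.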
@@ -97,86 +100,53 @@ optional_policy(`
 ')
 
 optional_policy(`
-       gnome_role(xguest_r, xguest_t)
-')
-
-optional_policy(`
-       gnomeclock_dontaudit_dbus_chat(xguest_t)
-')
-
-optional_policy(`
-       java_role_template(xguest, xguest_r, xguest_t)
-')
-
-optional_policy(`
-       mono_role_template(xguest, xguest_r, xguest_t)
-')
-
-optional_policy(`
-       mozilla_run_plugin(xguest_t, xguest_r)
-')
-
-optional_policy(`
-       nsplugin_role(xguest_r, xguest_t)
+       pcscd_read_pub_files(xguest_t)
+       pcscd_stream_connect(xguest_t)
 ')
 
 optional_policy(`
-       pcscd_read_pub_files(xguest_usertype)
-       pcscd_stream_connect(xguest_usertype)
+       rhsmcertd_dontaudit_dbus_chat(xguest_t)
 ')
 
 optional_policy(`
        tunable_policy(`xguest_connect_network',`
-               kernel_read_network_state(xguest_usertype)
+               kernel_read_network_state(xguest_t)
 
                networkmanager_dbus_chat(xguest_t)
                networkmanager_read_lib_files(xguest_t)
-               corenet_tcp_connect_pulseaudio_port(xguest_usertype)
-               corenet_all_recvfrom_unlabeled(xguest_usertype)
-               corenet_all_recvfrom_netlabel(xguest_usertype)
-               corenet_tcp_sendrecv_generic_if(xguest_usertype)
-               corenet_raw_sendrecv_generic_if(xguest_usertype)
-               corenet_tcp_sendrecv_generic_node(xguest_usertype)
-               corenet_raw_sendrecv_generic_node(xguest_usertype)
-               corenet_tcp_sendrecv_http_port(xguest_usertype)
-               corenet_tcp_sendrecv_http_cache_port(xguest_usertype)
-               corenet_tcp_sendrecv_squid_port(xguest_usertype)
-               corenet_tcp_sendrecv_ftp_port(xguest_usertype)
-               corenet_tcp_sendrecv_ipp_port(xguest_usertype)
-               corenet_tcp_connect_http_port(xguest_usertype)
-               corenet_tcp_connect_http_cache_port(xguest_usertype)
-               corenet_tcp_connect_squid_port(xguest_usertype)
-               corenet_tcp_connect_flash_port(xguest_usertype)
-               corenet_tcp_connect_ftp_port(xguest_usertype)
-               corenet_tcp_connect_ipp_port(xguest_usertype)
-               corenet_tcp_connect_generic_port(xguest_usertype)
-               corenet_tcp_connect_soundd_port(xguest_usertype)
-               corenet_sendrecv_http_client_packets(xguest_usertype)
-               corenet_sendrecv_http_cache_client_packets(xguest_usertype)
-               corenet_sendrecv_squid_client_packets(xguest_usertype)
-               corenet_sendrecv_ftp_client_packets(xguest_usertype)
-               corenet_sendrecv_ipp_client_packets(xguest_usertype)
-               corenet_sendrecv_generic_client_packets(xguest_usertype)
+               corenet_tcp_connect_pulseaudio_port(xguest_t)
+               corenet_all_recvfrom_unlabeled(xguest_t)
+               corenet_all_recvfrom_netlabel(xguest_t)
+               corenet_tcp_sendrecv_generic_if(xguest_t)
+               corenet_raw_sendrecv_generic_if(xguest_t)
+               corenet_tcp_sendrecv_generic_node(xguest_t)
+               corenet_raw_sendrecv_generic_node(xguest_t)
+               corenet_tcp_sendrecv_http_port(xguest_t)
+               corenet_tcp_sendrecv_http_cache_port(xguest_t)
+               corenet_tcp_sendrecv_squid_port(xguest_t)
+               corenet_tcp_sendrecv_ftp_port(xguest_t)
+               corenet_tcp_sendrecv_ipp_port(xguest_t)
+               corenet_tcp_connect_http_port(xguest_t)
+               corenet_tcp_connect_http_cache_port(xguest_t)
+               corenet_tcp_connect_squid_port(xguest_t)
+               corenet_tcp_connect_flash_port(xguest_t)
+               corenet_tcp_connect_ftp_port(xguest_t)
+               corenet_tcp_connect_ipp_port(xguest_t)
+               corenet_tcp_connect_generic_port(xguest_t)
+               corenet_tcp_connect_soundd_port(xguest_t)
+               corenet_sendrecv_http_client_packets(xguest_t)
+               corenet_sendrecv_http_cache_client_packets(xguest_t)
+               corenet_sendrecv_squid_client_packets(xguest_t)
+               corenet_sendrecv_ftp_client_packets(xguest_t)
+               corenet_sendrecv_ipp_client_packets(xguest_t)
+               corenet_sendrecv_generic_client_packets(xguest_t)
                # Should not need other ports
-               corenet_dontaudit_tcp_sendrecv_generic_port(xguest_usertype)
-               corenet_dontaudit_tcp_bind_generic_port(xguest_usertype)
-               corenet_tcp_connect_speech_port(xguest_usertype)
-               corenet_tcp_sendrecv_transproxy_port(xguest_usertype)
-               corenet_tcp_connect_transproxy_port(xguest_usertype)
+               corenet_dontaudit_tcp_sendrecv_generic_port(xguest_t)
+               corenet_dontaudit_tcp_bind_generic_port(xguest_t)
+               corenet_tcp_connect_speech_port(xguest_t)
+               corenet_tcp_sendrecv_transproxy_port(xguest_t)
+               corenet_tcp_connect_transproxy_port(xguest_t)
        ')
-
-       optional_policy(`
-               telepathy_dbus_session_role(xguest_r, xguest_t)
-       ')
-')
-
-optional_policy(`
-       gen_require(`
-               type mozilla_t;
-       ')
-
-       allow xguest_t mozilla_t:process transition;
-       role xguest_r types mozilla_t;
 ')
 
 gen_user(xguest_u, user, xguest_r, s0, s0)
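Review bot: In the xguest_connect_network block, `corenet_tcp_connect_generic_port(xguest_t)` is carried over to the new side and sits a few lines above the comment `# Should not need other ports`. If generic ports here means every port without a specific label, as in the reference policy, this one call lets the guest domain connect far beyond the http, squid, ftp and ipp ports listed individually, and the comment is misleading. Either drop that call or replace the comment with one that states why the broad connect is required. The two `corenet_dontaudit_tcp_*_generic_port(xguest_t)` lines under the comment also suppress the denials that would show a guest session probing other ports. Separately, the switch from `xguest_usertype` to `xguest_t` narrows every grant in this hunk to the single type; whether other types carry that attribute and now lose access is not visible here.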