packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add qemu_exec_t for stratovirt.

Browse Source 
Signed-off-by: Ming Yang <yangming73@huawei.com>
This commit is contained in:
Ming Yang 2021-08-20 14:17:15 +08:00
parent ee95a508ef
commit a7e58912d2
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
add-qemu_exec_t-for-stratovirt.patch Normal file
View File

@ -0,0 +1,25 @@
From 601ffc24a1d00f20833eb104913634dedb51b95d Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Fri, 20 Aug 2021 10:50:31 +0800
Subject: [PATCH] add qemu_exec_t for stratovirt
Signed-off-by: root <root@localhost.localdomain>
---
policy/modules/contrib/virt.fc | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/virt.fc b/policy/modules/contrib/virt.fc
index d12dac0..c12f009 100644
--- a/policy/modules/contrib/virt.fc
+++ b/policy/modules/contrib/virt.fc
@@ -100,6 +100,7 @@ HOME_DIR/\.local/share/libvirt/boot(/.*)? gen_context(system_u:object_r:svirt_
/usr/bin/qemu-system-.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/bin/stratovirt -- gen_context(system_u:object_r:qemu_exec_t,s0)
/etc/qemu-ga/fsfreeze-hook.d(/.*)? gen_context(system_u:object_r:virt_qemu_ga_unconfined_exec_t,s0)
/usr/libexec/qemu-ga/fsfreeze-hook.d(/.*)? gen_context(system_u:object_r:virt_qemu_ga_unconfined_exec_t,s0)
--
2.30.0

6
selinux-policy.spec
View File

@ -12,7 +12,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.14.2 Version: 3.14.2
Release: 71 Release: 72
License: GPLv2+ License: GPLv2+
URL: https://github.com/fedora-selinux/selinux-policy/ URL: https://github.com/fedora-selinux/selinux-policy/
@ -112,6 +112,7 @@ Patch6035: backport-Create-chronyd_pid_filetrans-interface.patch
Patch6036: backport-iptables.fc-Remove-duplicate-file-context-entries.patch Patch6036: backport-iptables.fc-Remove-duplicate-file-context-entries.patch
Patch6037: backport-iptables.fc-Add-missing-legacy-entries.patch Patch6037: backport-iptables.fc-Add-missing-legacy-entries.patch
Patch6038: backport-iptables.fc-Add-missing-legacy-restore-and-legacy-sa.patch Patch6038: backport-iptables.fc-Add-missing-legacy-restore-and-legacy-sa.patch
Patch6039: add-qemu_exec_t-for-stratovirt.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@ -778,6 +779,9 @@ exit 0
%endif %endif
%changelog %changelog
* Fri Aug 20 2021 mingyang <yangming73@huawei.com> -3.14.2-72
- Add qemu_exec_t for stratovirt
* Thu Jul 22 2021 lujie42 <572084868@qq.com> - 3.14.2-71 * Thu Jul 22 2021 lujie42 <572084868@qq.com> - 3.14.2-71
- Add weak dep of selinux-policy-targeted - Add weak dep of selinux-policy-targeted