diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2011-02-05 20:41:06 +0000 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2011-02-05 20:41:06 +0000 |
| commit | af88519ebd969fe6ea8faa811812f13dbaef903e (patch) | |
| tree | 512d24edcf8f63f0135a8d80d536cd736985e2aa /sec-policy/selinux-qemu | |
| parent | Add ~amd64-linux/~x86-linux, use ED instead of D in a couple places (diff) | |
| download | historical-af88519ebd969fe6ea8faa811812f13dbaef903e.tar.gz historical-af88519ebd969fe6ea8faa811812f13dbaef903e.tar.bz2 historical-af88519ebd969fe6ea8faa811812f13dbaef903e.zip | |
Bulk addition of new selinux policies.
Package-Manager: portage-2.1.9.25/cvs/Linux x86_64
Diffstat (limited to 'sec-policy/selinux-qemu')
| -rw-r--r-- | sec-policy/selinux-qemu/ChangeLog | 13 | ||||
| -rw-r--r-- | sec-policy/selinux-qemu/files/fix-apps-qemu.patch | 21 | ||||
| -rw-r--r-- | sec-policy/selinux-qemu/metadata.xml | 6 | ||||
| -rw-r--r-- | sec-policy/selinux-qemu/selinux-qemu-2.20101213.ebuild | 14 |
4 files changed, 54 insertions, 0 deletions
diff --git a/sec-policy/selinux-qemu/ChangeLog b/sec-policy/selinux-qemu/ChangeLog new file mode 100644 index 000000000000..f9f57b57096c --- /dev/null +++ b/sec-policy/selinux-qemu/ChangeLog @@ -0,0 +1,13 @@ +# ChangeLog for sec-policy/selinux-qemu +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-qemu/ChangeLog,v 1.1 2011/02/05 20:41:04 blueness Exp $ + + 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog: + Initial commit to portage. + +*selinux-qemu-2.20101213 (22 Jan 2011) + + 22 Jan 2011; <swift@gentoo.org> +selinux-qemu-2.20101213.ebuild, + +files/fix-apps-qemu.patch, +metadata.xml: + Adding SELinux policy for QEMU + diff --git a/sec-policy/selinux-qemu/files/fix-apps-qemu.patch b/sec-policy/selinux-qemu/files/fix-apps-qemu.patch new file mode 100644 index 000000000000..9e15caa1923a --- /dev/null +++ b/sec-policy/selinux-qemu/files/fix-apps-qemu.patch @@ -0,0 +1,21 @@ +--- apps/qemu.te 2010-12-13 15:11:01.000000000 +0100 ++++ apps/qemu.te 2011-01-22 21:35:19.555999967 +0100 +@@ -56,6 +56,10 @@ + userdom_search_user_home_content(qemu_t) + userdom_read_user_tmpfs_files(qemu_t) + ++allow qemu_t self:socket create_socket_perms; ++ ++kernel_request_load_module(qemu_t) ++ + tunable_policy(`qemu_full_network',` + allow qemu_t self:udp_socket create_socket_perms; + +@@ -116,3 +120,7 @@ + allow unconfined_qemu_t self:process { execstack execmem }; + allow unconfined_qemu_t qemu_exec_t:file execmod; + ') ++ ++optional_policy(` ++ vde_connect(qemu_t) ++') diff --git a/sec-policy/selinux-qemu/metadata.xml b/sec-policy/selinux-qemu/metadata.xml new file mode 100644 index 000000000000..d53a19c789c7 --- /dev/null +++ b/sec-policy/selinux-qemu/metadata.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>hardened</herd> +<longdescription>Gentoo SELinux policy for the QEMU tools</longdescription> +</pkgmetadata> diff --git a/sec-policy/selinux-qemu/selinux-qemu-2.20101213.ebuild b/sec-policy/selinux-qemu/selinux-qemu-2.20101213.ebuild new file mode 100644 index 000000000000..08bf6a50ac05 --- /dev/null +++ b/sec-policy/selinux-qemu/selinux-qemu-2.20101213.ebuild @@ -0,0 +1,14 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-qemu/selinux-qemu-2.20101213.ebuild,v 1.1 2011/02/05 20:41:04 blueness Exp $ + +IUSE="" + +MODS="qemu" + +inherit selinux-policy-2 + +DESCRIPTION="SELinux policy for general applications" + +KEYWORDS="~amd64 ~x86" +POLICY_PATCH="${FILESDIR}/fix-apps-qemu.patch" |