Changeset 2722
- Timestamp:
- 06/18/08 10:35:49
(4 months ago)
- Author:
- cpebenito
- Message:
trunk: pull in most of Dan's vmware patch.
-
Files:
-
| r2709 |
r2722 |
|
| 29 | 29 | |
|---|
| 30 | 30 | /usr/lib/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0) |
|---|
| | 31 | /usr/lib/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0) |
|---|
| 31 | 32 | /usr/lib/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0) |
|---|
| 32 | 33 | /usr/lib/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0) |
|---|
| | 34 | /usr/lib/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0) |
|---|
| | 35 | |
|---|
| | 36 | ifdef(`distro_redhat',` |
|---|
| | 37 | /usr/lib/vmware-tools/sbin32/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0) |
|---|
| | 38 | /usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0) |
|---|
| | 39 | ') |
|---|
| 33 | 40 | |
|---|
| 34 | 41 | /usr/lib64/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0) |
|---|
| 35 | 42 | /usr/lib64/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0) |
|---|
| 36 | 43 | /usr/lib64/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0) |
|---|
| | 44 | /usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0) |
|---|
| | 45 | /usr/lib64/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0) |
|---|
| | 46 | |
|---|
| | 47 | /usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0) |
|---|
| | 48 | /usr/sbin/vmware-serverd -- gen_context(system_u:object_r:vmware_exec_t,s0) |
|---|
| 37 | 49 | |
|---|
| 38 | 50 | ifdef(`distro_gentoo',` |
|---|
| … | … | |
| 50 | 62 | /opt/vmware/(workstation|player)/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0) |
|---|
| 51 | 63 | ') |
|---|
| | 64 | |
|---|
| | 65 | /var/log/vmware.* -- gen_context(system_u:object_r:vmware_log_t,s0) |
|---|
| | 66 | |
|---|
| | 67 | /var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0) |
|---|
| | 68 | /var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0) |
|---|
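Review bot: The new `/var/log/vmware.*` entry (new line 65) carries the `--` file-type field, so only regular files are labelled `vmware_log_t`; a log directory under `/var/log` whose name starts with `vmware` would fall back to the generic log label on the next relabel. If the product keeps its logs in a subdirectory, an additional entry without the file-type field, for example `/var/log/vmware(/.*)? gen_context(system_u:object_r:vmware_log_t,s0)`, would keep the on-disk label in line with the type the daemon creates at run time. Separately, the prefix wildcards `/usr/sbin/vmware-guest.*` and `/usr/lib/vmware-tools/sbin32/vmware.*` (and the `sbin64` twin) give every matching name the `vmware_host_exec_t` entry-point label. A short comment naming the binaries they are meant to cover would make that scope reviewable.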
| r2655 |
r2722 |
|
| 203 | 203 | allow $1 vmware_sys_conf_t:file append; |
|---|
| 204 | 204 | ') |
|---|
| | 205 | |
|---|
| | 206 | ######################################## |
|---|
| | 207 | ## <summary> |
|---|
| | 208 | ## Append to VMWare log files. |
|---|
| | 209 | ## </summary> |
|---|
| | 210 | ## <param name="domain"> |
|---|
| | 211 | ## <summary> |
|---|
| | 212 | ## Domain allowed access. |
|---|
| | 213 | ## </summary> |
|---|
| | 214 | ## </param> |
|---|
| | 215 | # |
|---|
| | 216 | interface(`vmware_append_log',` |
|---|
| | 217 | gen_require(` |
|---|
| | 218 | type vmware_log_t; |
|---|
| | 219 | ') |
|---|
| | 220 | |
|---|
| | 221 | logging_search_logs($1) |
|---|
| | 222 | append_files_pattern($1, vmware_log_t, vmware_log_t) |
|---|
| | 223 | ') |
|---|
| r2709 |
r2722 |
|
| 1 | 1 | |
|---|
| 2 | | policy_module(vmware,1.5.2) |
|---|
| | 2 | policy_module(vmware, 1.5.3) |
|---|
| 3 | 3 | |
|---|
| 4 | 4 | ######################################## |
|---|
| … | … | |
| 16 | 16 | init_daemon_domain(vmware_host_t,vmware_host_exec_t) |
|---|
| 17 | 17 | |
|---|
| | 18 | type vmware_log_t; |
|---|
| | 19 | logging_log_file(vmware_log_t) |
|---|
| | 20 | |
|---|
| 18 | 21 | # Systemwide configuration files |
|---|
| 19 | 22 | type vmware_sys_conf_t; |
|---|
| … | … | |
| 28 | 31 | # |
|---|
| 29 | 32 | |
|---|
| 30 | | allow vmware_host_t self:capability { setuid net_raw }; |
|---|
| | 33 | allow vmware_host_t self:capability { setgid setuid net_raw }; |
|---|
| 31 | 34 | dontaudit vmware_host_t self:capability sys_tty_config; |
|---|
| 32 | 35 | allow vmware_host_t self:process signal_perms; |
|---|
| … | … | |
| 34 | 37 | allow vmware_host_t self:unix_stream_socket create_stream_socket_perms; |
|---|
| 35 | 38 | allow vmware_host_t self:rawip_socket create_socket_perms; |
|---|
| | 39 | allow vmware_host_t self:tcp_socket create_socket_perms; |
|---|
| 36 | 40 | |
|---|
| 37 | 41 | # cjp: the ro and rw files should be split up |
|---|
| … | … | |
| 41 | 45 | manage_sock_files_pattern(vmware_host_t,vmware_var_run_t,vmware_var_run_t) |
|---|
| 42 | 46 | files_pid_filetrans(vmware_host_t,vmware_var_run_t,{ file sock_file }) |
|---|
| | 47 | |
|---|
| | 48 | manage_files_pattern(vmware_host_t, vmware_log_t, vmware_log_t) |
|---|
| | 49 | logging_log_filetrans(vmware_host_t, vmware_log_t, { file dir }) |
|---|
| 43 | 50 | |
|---|
| 44 | 51 | kernel_read_kernel_sysctls(vmware_host_t) |
|---|
| … | … | |
| 64 | 71 | |
|---|
| 65 | 72 | dev_read_sysfs(vmware_host_t) |
|---|
| | 73 | dev_read_urand(vmware_host_t) |
|---|
| 66 | 74 | dev_rw_vmware(vmware_host_t) |
|---|
| 67 | 75 | |
|---|
| … | … | |
| 91 | 99 | sysadm_dontaudit_search_home_dirs(vmware_host_t) |
|---|
| 92 | 100 | |
|---|
| | 101 | netutils_domtrans_ping(vmware_host_t) |
|---|
| | 102 | |
|---|
| 93 | 103 | optional_policy(` |
|---|
| 94 | 104 | seutil_sigchld_newrole(vmware_host_t) |
|---|
| … | … | |
| 99 | 109 | udev_read_db(vmware_host_t) |
|---|
| 100 | 110 | ') |
|---|
| 101 | | netutils_domtrans_ping(vmware_host_t) |
|---|
| 102 | | |
|---|
| 103 | | ifdef(`TODO',` |
|---|
| 104 | | # VMWare need access to pcmcia devices for network |
|---|
| 105 | | optional_policy(` |
|---|
| 106 | | allow kernel_t cardmgr_var_lib_t:dir { getattr search }; |
|---|
| 107 | | allow kernel_t cardmgr_var_lib_t:file { getattr ioctl read }; |
|---|
| 108 | | ') |
|---|
| 109 | | # Vmware create network devices |
|---|
| 110 | | allow kernel_t self:capability net_admin; |
|---|
| 111 | | allow kernel_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write }; |
|---|
| 112 | | allow kernel_t self:socket create; |
|---|
| 113 | | ') |
|---|
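Review bot: `logging_log_filetrans(vmware_host_t, vmware_log_t, { file dir })` at new line 49 requests a type transition for directories, but the only access to the new type granted in the visible lines is `manage_files_pattern` at new line 48, which as far as I know covers file management and directory read/write, not directory creation. Unless a rule in the elided lines grants it, creating a log directory from `vmware_host_t` would be denied. Either drop `dir` from the transition, or add `manage_dirs_pattern(vmware_host_t, vmware_log_t, vmware_log_t)` if the daemon really creates one. The same section also adds `setgid` to the capability set and `self:tcp_socket create_socket_perms` without a comment; a one-line note on which operation needs each would help a later least-privilege audit.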