Changeset 2745

Timestamp:

07/08/08 10:43:41 (5 months ago)

Author:

cpebenito

Message:

rbacsep: update to trunk 2744.

Files:

• branches/rbacsep/Changelog (modified) (2 diffs)
• branches/rbacsep/VERSION (modified) (1 diff)
• branches/rbacsep/doc/policy.dtd (modified) (1 diff)
• branches/rbacsep/doc/templates/interface.html (modified) (2 diffs)
• branches/rbacsep/doc/templates/template.html (modified) (2 diffs)
• branches/rbacsep/policy/modules/admin/acct.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/alsa.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/amanda.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/anaconda.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/bootloader.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/dmesg.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/firstboot.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/kudzu.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/logrotate.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/logwatch.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/mrtg.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/portage.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/readahead.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/usermanage.te (modified) (1 diff)
• branches/rbacsep/policy/modules/admin/vbetool.if (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/calamaris.te (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/games.te (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/gpg.te (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/mono.if (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/mono.te (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/podsleuth.fc (copied) (copied from trunk/policy/modules/apps/podsleuth.fc)
• branches/rbacsep/policy/modules/apps/podsleuth.if (copied) (copied from trunk/policy/modules/apps/podsleuth.if)
• branches/rbacsep/policy/modules/apps/podsleuth.te (copied) (copied from trunk/policy/modules/apps/podsleuth.te)
• branches/rbacsep/policy/modules/apps/qemu.fc (copied) (copied from trunk/policy/modules/apps/qemu.fc)
• branches/rbacsep/policy/modules/apps/qemu.if (copied) (copied from trunk/policy/modules/apps/qemu.if)
• branches/rbacsep/policy/modules/apps/qemu.te (copied) (copied from trunk/policy/modules/apps/qemu.te)
• branches/rbacsep/policy/modules/apps/uml.te (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/userhelper.te (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/vmware.fc (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/vmware.if (modified) (1 diff)
• branches/rbacsep/policy/modules/apps/vmware.te (modified) (6 diffs)
• branches/rbacsep/policy/modules/kernel/corecommands.fc (modified) (8 diffs)
• branches/rbacsep/policy/modules/kernel/corecommands.te (modified) (1 diff)
• branches/rbacsep/policy/modules/kernel/filesystem.te (modified) (1 diff)
• branches/rbacsep/policy/modules/kernel/kernel.if (modified) (1 diff)
• branches/rbacsep/policy/modules/kernel/kernel.te (modified) (4 diffs)
• branches/rbacsep/policy/modules/services/afs.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/amavis.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/apache.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/apache.te (modified) (7 diffs)
• branches/rbacsep/policy/modules/services/apm.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/arpwatch.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/asterisk.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/audioentropy.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/automount.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/avahi.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/bind.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/bluetooth.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/canna.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/comsat.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/courier.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/cpucontrol.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/cron.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/cups.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/cyrus.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/dante.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/dbus.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/dbus.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/dcc.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/ddclient.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/dhcp.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/distcc.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/dnsmasq.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/dovecot.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/exim.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/fetchmail.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/finger.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/ftp.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/gatekeeper.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/gpm.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/hal.fc (modified) (2 diffs)
• branches/rbacsep/policy/modules/services/hal.te (modified) (13 diffs)
• branches/rbacsep/policy/modules/services/howl.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/i18n_input.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/imaze.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/inetd.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/inn.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/ircd.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/irqbalance.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/jabber.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/kerberos.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/ldap.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/lpd.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/mailman.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/monop.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/mta.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/mta.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/munin.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/mysql.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/nagios.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/nessus.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/networkmanager.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/nis.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/nscd.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/nsd.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/ntop.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/ntp.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/ntp.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/oav.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/oddjob.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/openct.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/pegasus.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/perdition.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/portmap.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/postfix.fc (modified) (1 diff)
• branches/rbacsep/policy/modules/services/postfix.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/postfix.te (modified) (3 diffs)
• branches/rbacsep/policy/modules/services/postgresql.fc (modified) (2 diffs)
• branches/rbacsep/policy/modules/services/postgresql.if (modified) (2 diffs)
• branches/rbacsep/policy/modules/services/postgresql.te (modified) (7 diffs)
• branches/rbacsep/policy/modules/services/postgrey.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/ppp.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/prelude.fc (copied) (copied from trunk/policy/modules/services/prelude.fc)
• branches/rbacsep/policy/modules/services/prelude.if (copied) (copied from trunk/policy/modules/services/prelude.if)
• branches/rbacsep/policy/modules/services/prelude.te (copied) (copied from trunk/policy/modules/services/prelude.te)
• branches/rbacsep/policy/modules/services/privoxy.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/procmail.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/pxe.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/pyzor.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/radius.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/radvd.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/rhgb.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/rhgb.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/rlogin.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/roundup.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/rpc.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/samba.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/sasl.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/sendmail.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/sendmail.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/setroubleshoot.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/slrnpull.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/smartmon.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/snmp.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/snort.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/soundserver.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/spamassassin.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/speedtouch.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/squid.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/stunnel.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/sysstat.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/telnet.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/tftp.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/timidity.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/transproxy.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/uptime.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/uwimap.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/virt.fc (copied) (copied from trunk/policy/modules/services/virt.fc)
• branches/rbacsep/policy/modules/services/virt.if (copied) (copied from trunk/policy/modules/services/virt.if)
• branches/rbacsep/policy/modules/services/virt.te (copied) (copied from trunk/policy/modules/services/virt.te)
• branches/rbacsep/policy/modules/services/watchdog.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/xfs.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/xprint.te (modified) (1 diff)
• branches/rbacsep/policy/modules/services/xserver.te (modified) (2 diffs)
• branches/rbacsep/policy/modules/services/zebra.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/authlogin.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/hotplug.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/init.fc (modified) (1 diff)
• branches/rbacsep/policy/modules/system/init.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/ipsec.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/libraries.fc (modified) (1 diff)
• branches/rbacsep/policy/modules/system/libraries.te (modified) (2 diffs)
• branches/rbacsep/policy/modules/system/locallogin.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/logging.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/lvm.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/modutils.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/pcmcia.if (modified) (1 diff)
• branches/rbacsep/policy/modules/system/pcmcia.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/raid.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/selinuxutil.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/setrans.if (modified) (1 diff)
• branches/rbacsep/policy/modules/system/sysnetwork.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/unconfined.if (modified) (1 diff)
• branches/rbacsep/policy/modules/system/unconfined.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/userdomain.if (modified) (3 diffs)
• branches/rbacsep/policy/modules/system/userdomain.te (modified) (1 diff)
• branches/rbacsep/policy/modules/system/xen.te (modified) (1 diff)
• branches/rbacsep/policy/users (modified) (1 diff)
• branches/rbacsep/support/sedoctool.py (modified) (2 diffs)

branches/rbacsep/Changelog

@@ +1 @@
+* Wed Jul 02 2008 Chris PeBenito <selinux@tresys.com> - 20080702
+- Fix httpd_enable_homedirs to actually provide the access it is supposed to
+  provide.
+- Add unused interface/template parameter metadata in XML.
+- Patch to handle postfix data_directory from Vaclav Ovsik.
+- SE-Postgresql policy from KaiGai Kohei.
+- Patch for X.org dbus support from Martin Orr.
-- Patch for labeled networking controls in 2.6.25 from Paul Moore.
-- Module loading now requires setsched on kernel threads.
@@ -12 +19 @@
-        kerneloops (Dan Walsh)
-        kismet (Dan Walsh)
+        podsleuth (Dan Walsh)
+        prelude (Dan Walsh)
+        qemu (Dan Walsh)
+        virt (Dan Walsh)
-
-* Wed Apr 02 2008 Chris PeBenito <selinux@tresys.com> - 20080402

branches/rbacsep/VERSION

@@ -1 @@
-4
+7

branches/rbacsep/doc/policy.dtd

@@ -29 +29 @@
-<!ATTLIST param 
-      name CDATA #REQUIRED
-
+
+
-<!ELEMENT infoflow EMPTY>
-<!ATTLIST infoflow 

branches/rbacsep/doc/templates/interface.html

@@ -36 +36 @@
-[[end]]
-<h5>Parameters</h5>
-80
-d><th >Description:</td><th >Optional:</td
+65
+h><th >Description:</th
-[[for arg in int['interface_parameters']]]
-<tr><td>
@@ -43 +43 @@
-</td><td>
-[[arg['desc']]]
-</td><td>
-[[arg['optional']]]
-</td></tr>
-[[end]]

branches/rbacsep/doc/templates/template.html

@@ -36 +36 @@
-[[end]]
-<h5>Parameters</h5>
-80
-d><th >Description:</td><th >Optional:</td
+65
+h><th >Description:</th
-[[for arg in temp['template_parameters']]]
-<tr><td>
@@ -43 +43 @@
-</td><td>
-[[arg['desc']]]
-</td><td>
-[[arg['optional']]]
-</td></tr>
-[[end]]

branches/rbacsep/policy/modules/admin/acct.te

@@ -1 +1 @@
-
-1.1.1
+ 1.2.0
-
-########################################

branches/rbacsep/policy/modules/admin/alsa.te

@@ -1 +1 @@
-
-1.4.1
+ 1.5.0
-
-########################################

branches/rbacsep/policy/modules/admin/amanda.te

@@ -1 +1 @@
-
-1.8.1
+ 1.9.0
-
-#######################################

branches/rbacsep/policy/modules/admin/anaconda.te

@@ -1 +1 @@
-
-1.2.1
+ 1.3.0
-
-########################################

branches/rbacsep/policy/modules/admin/bootloader.te

@@ -1 +1 @@
-
-1.7.1
+ 1.8.0
-
-########################################

branches/rbacsep/policy/modules/admin/dmesg.te

@@ -1 +1 @@
-
-1.1.1
+ 1.2.0
-
-########################################

branches/rbacsep/policy/modules/admin/firstboot.te

@@ -1 +1 @@
-
-1.6.1
+ 1.7.0
-
-gen_require(`

branches/rbacsep/policy/modules/admin/kudzu.te

@@ -1 +1 @@
-
-1.5.1
+ 1.6.0
-
-########################################

branches/rbacsep/policy/modules/admin/logrotate.te

@@ -1 +1 @@
-
-1.8.1
+ 1.9.0
-
-########################################

branches/rbacsep/policy/modules/admin/logwatch.te

@@ -1 +1 @@
-
-1.7.1
+ 1.8.0
-
-#################################

branches/rbacsep/policy/modules/admin/mrtg.te

@@ -1 +1 @@
-
-1.3.1
+ 1.4.0
-
-########################################

branches/rbacsep/policy/modules/admin/portage.te

@@ -1 +1 @@
-
-1.5.2
+ 1.6.0
-
-########################################

branches/rbacsep/policy/modules/admin/readahead.te

@@ -1 +1 @@
-
-1.5.1
+ 1.6.0
-
-########################################

branches/rbacsep/policy/modules/admin/usermanage.te

@@ -1 +1 @@
-
-1.10.1
+ 1.11.0
-
-########################################

branches/rbacsep/policy/modules/admin/vbetool.if

@@ -5 +5 @@
-##      Execute vbetool application in the vbetool domain.
-## </summary>
- optional="true"
+
-##      <summary>
-N/A
+Domain allowed access.
-##      </summary>
-## </param>

branches/rbacsep/policy/modules/apps/calamaris.te

@@ -1 +1 @@
-
-1.2.1
+ 1.3.0
-
-########################################

branches/rbacsep/policy/modules/apps/games.te

@@ -1 +1 @@
-
-1.6.1
+ 1.7.0
-
-########################################

branches/rbacsep/policy/modules/apps/gpg.te

@@ -1 +1 @@
-
-5.1
+6.0
-
-########################################

branches/rbacsep/policy/modules/apps/mono.if

@@ -19 +19 @@
-        domtrans_pattern($1, mono_exec_t, mono_t)
-')
+
+########################################
+## <summary>
+##      Execute the mono program in the caller domain.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mono_exec',`
+        gen_require(`
+                type mono_t, mono_exec_t;
+        ')
+
+        corecmd_search_bin($1)
+        can_exec($1, mono_exec_t)
+')

branches/rbacsep/policy/modules/apps/mono.te

@@ -1 +1 @@
-
-1.4.1
+ 1.5.0
-
-########################################

branches/rbacsep/policy/modules/apps/uml.te

@@ -1 +1 @@
-
-1.5.1
+ 1.6.0
-
-########################################

branches/rbacsep/policy/modules/apps/userhelper.te

@@ -1 +1 @@
-
-1.3.1
+ 1.4.0
-
-########################################

branches/rbacsep/policy/modules/apps/vmware.fc

@@ -29 +29 @@
-
-/usr/lib/vmware/config          --      gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+/usr/lib/vmware/bin/vmplayer    --      gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib/vmware/bin/vmware-mks  --      gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib/vmware/bin/vmware-ui   --      gen_context(system_u:object_r:vmware_exec_t,s0)
+/usr/lib/vmware/bin/vmware-vmx  --      gen_context(system_u:object_r:vmware_host_exec_t,s0)
+
+ifdef(`distro_redhat',`
+/usr/lib/vmware-tools/sbin32/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+/usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+')
-
-/usr/lib64/vmware/config        --      gen_context(system_u:object_r:vmware_sys_conf_t,s0)
-/usr/lib64/vmware/bin/vmware-mks --     gen_context(system_u:object_r:vmware_exec_t,s0)
-/usr/lib64/vmware/bin/vmware-ui --      gen_context(system_u:object_r:vmware_exec_t,s0)
+/usr/lib64/vmware/bin/vmplayer  --      gen_context(system_u:object_r:vmware_exec_t,s0)
+/usr/lib64/vmware/bin/vmware-vmx --     gen_context(system_u:object_r:vmware_host_exec_t,s0)
+
+/usr/sbin/vmware-guest.*        --      gen_context(system_u:object_r:vmware_host_exec_t,s0)
+/usr/sbin/vmware-serverd        --      gen_context(system_u:object_r:vmware_exec_t,s0)
-
-ifdef(`distro_gentoo',`
-workstation
-workstation/bin/vmnet-dhcpd        
-workstation
-workstation
-workstation
-workstation/bin/vmware-nmbd        
-workstation/bin/vmware-ping        
-workstation/bin/vmware-smbd        
-workstation
-workstation
-workstation
-workstation/bin/vmware     
+(workstation|player)
+(workstation|player)/bin/vmnet-dhcpd 
+(workstation|player)
+(workstation|player)
+(workstation|player)
+(workstation|player)/bin/vmware-nmbd 
+(workstation|player)/bin/vmware-ping 
+(workstation|player)/bin/vmware-smbd 
+(workstation|player)
+(workstation|player)
+(workstation|player)
+(workstation|player)/bin/vmware 
-')
+
+/var/log/vmware.*               --      gen_context(system_u:object_r:vmware_log_t,s0)
+
+/var/run/vmnat.*                -s      gen_context(system_u:object_r:vmware_var_run_t,s0)
+/var/run/vmware.*                       gen_context(system_u:object_r:vmware_var_run_t,s0)

branches/rbacsep/policy/modules/apps/vmware.if

@@ -70 +70 @@
-        allow $1 vmware_sys_conf_t:file append;
-')
+
+########################################
+## <summary>
+##      Append to VMWare log files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`vmware_append_log',`
+        gen_require(`
+                type vmware_log_t;
+        ')
+
+        logging_search_logs($1)
+        append_files_pattern($1, vmware_log_t, vmware_log_t)
+')

branches/rbacsep/policy/modules/apps/vmware.te

@@ -1 +1 @@
-
-1.5.1
+ 1.6.0
-
-########################################
@@ -26 +26 @@
-files_pid_file(vmware_host_pid_t)
-
+type vmware_log_t;
+logging_log_file(vmware_log_t)
+
-type vmware_pid_t;
-files_pid_file(vmware_pid_t)
@@ -44 +47 @@
-#
-
-
+gid set
-dontaudit vmware_host_t self:capability sys_tty_config;
-allow vmware_host_t self:process signal_perms;
@@ -50 +53 @@
-allow vmware_host_t self:unix_stream_socket create_stream_socket_perms;
-allow vmware_host_t self:rawip_socket create_socket_perms;
+allow vmware_host_t self:tcp_so