Tree - rpms/selinux-policy - src.fedoraproject.org

psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago

Blame qemu.te

Blob History Raw

Chris PeBenito	67b7e79	`policy_module(qemu, 1.7.1)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`########################################`
Chris PeBenito	9401ae1	`#`
Chris PeBenito	9401ae1	`# Declarations`
Chris PeBenito	9401ae1	`#`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`## <desc>`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## Allow qemu to connect fully to the network`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## </desc>`
Chris PeBenito	9401ae1	`gen_tunable(qemu_full_network, false)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`## <desc>`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## Allow qemu to use cifs/Samba file systems`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## </desc>`
Chris PeBenito	89c62b6	`gen_tunable(qemu_use_cifs, false)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`## <desc>`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## Allow qemu to use serial/parallel communication ports`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## </desc>`
Chris PeBenito	9401ae1	`gen_tunable(qemu_use_comm, false)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`## <desc>`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## Allow qemu to use nfs file systems`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## </desc>`
Chris PeBenito	89c62b6	`gen_tunable(qemu_use_nfs, false)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`## <desc>`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## Allow qemu to use usb devices`
Chris PeBenito	9401ae1	`##`
Chris PeBenito	9401ae1	`## </desc>`
Chris PeBenito	89c62b6	`gen_tunable(qemu_use_usb, false)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`type qemu_exec_t;`
Chris PeBenito	9401ae1	`virt_domain_template(qemu)`
Chris PeBenito	9401ae1	`application_domain(qemu_t, qemu_exec_t)`
Chris PeBenito	9401ae1	`role system_r types qemu_t;`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`########################################`
Chris PeBenito	9401ae1	`#`
Chris PeBenito	9401ae1	`# qemu local policy`
Chris PeBenito	9401ae1	`#`
Chris PeBenito	9401ae1
Sven Vermeulen	adc8b9c	`can_exec(qemu_t, qemu_exec_t)`
Sven Vermeulen	adc8b9c
Chris PeBenito	9401ae1	`storage_raw_write_removable_device(qemu_t)`
Chris PeBenito	9401ae1	`storage_raw_read_removable_device(qemu_t)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`userdom_search_user_home_content(qemu_t)`
Chris PeBenito	9401ae1	`userdom_read_user_tmpfs_files(qemu_t)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	tunable_policy(`qemu_full_network',`
Chris PeBenito	9401ae1	`allow qemu_t self:udp_socket create_socket_perms;`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`corenet_udp_sendrecv_generic_if(qemu_t)`
Chris PeBenito	9401ae1	`corenet_udp_sendrecv_generic_node(qemu_t)`
Chris PeBenito	9401ae1	`corenet_udp_sendrecv_all_ports(qemu_t)`
Chris PeBenito	9401ae1	`corenet_udp_bind_generic_node(qemu_t)`
Chris PeBenito	9401ae1	`corenet_udp_bind_all_ports(qemu_t)`
Chris PeBenito	9401ae1	`corenet_tcp_bind_all_ports(qemu_t)`
Chris PeBenito	9401ae1	`corenet_tcp_connect_all_ports(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	tunable_policy(`qemu_use_cifs',`
Chris PeBenito	9401ae1	`fs_manage_cifs_dirs(qemu_t)`
Chris PeBenito	9401ae1	`fs_manage_cifs_files(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	tunable_policy(`qemu_use_comm',`
Chris PeBenito	9401ae1	`term_use_unallocated_ttys(qemu_t)`
Chris PeBenito	9401ae1	`dev_rw_printer(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	tunable_policy(`qemu_use_nfs',`
Chris PeBenito	9401ae1	`fs_manage_nfs_dirs(qemu_t)`
Chris PeBenito	9401ae1	`fs_manage_nfs_files(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	tunable_policy(`qemu_use_usb',`
Chris PeBenito	9401ae1	`dev_rw_usbfs(qemu_t)`
Chris PeBenito	9401ae1	`fs_manage_dos_dirs(qemu_t)`
Chris PeBenito	9401ae1	`fs_manage_dos_files(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	optional_policy(`
Chris PeBenito	9401ae1	`dbus_read_lib_files(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	optional_policy(`
Chris PeBenito	9401ae1	`pulseaudio_manage_home_files(qemu_t)`
Chris PeBenito	9401ae1	`pulseaudio_stream_connect(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	optional_policy(`
Chris PeBenito	9401ae1	`virt_manage_images(qemu_t)`
Chris PeBenito	9401ae1	`virt_append_log(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	optional_policy(`
Chris PeBenito	9401ae1	`xen_rw_image_files(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	optional_policy(`
Chris PeBenito	9401ae1	`xserver_read_xdm_pid(qemu_t)`
Chris PeBenito	9401ae1	`xserver_stream_connect(qemu_t)`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`########################################`
Chris PeBenito	9401ae1	`#`
Chris PeBenito	9401ae1	`# Unconfined qemu local policy`
Chris PeBenito	9401ae1	`#`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	optional_policy(`
Chris PeBenito	9401ae1	`type unconfined_qemu_t;`
Chris PeBenito	9401ae1	`typealias unconfined_qemu_t alias qemu_unconfined_t;`
Chris PeBenito	9401ae1	`application_type(unconfined_qemu_t)`
Chris PeBenito	9401ae1	`unconfined_domain(unconfined_qemu_t)`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`allow unconfined_qemu_t self:process { execstack execmem };`
Chris PeBenito	9401ae1	`allow unconfined_qemu_t qemu_exec_t:file execmod;`
Chris PeBenito	9401ae1	`')`

psss / rpms / selinux-policy

Source Code

Blame qemu.te