+@@ -85,6 +86,7 @@
type xenconsoled_t;
type xenconsoled_exec_t;
init_daemon_domain(xenconsoled_t, xenconsoled_exec_t)
@@ -36611,7 +36637,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
# pid files
type xenconsoled_var_run_t;
-@@ -209,6 +210,7 @@
+@@ -209,6 +211,7 @@
files_manage_etc_runtime_files(xend_t)
files_etc_filetrans_etc_runtime(xend_t, file)
files_read_usr_files(xend_t)
@@ -36619,7 +36645,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
storage_raw_read_fixed_disk(xend_t)
storage_raw_write_fixed_disk(xend_t)
-@@ -259,6 +261,7 @@
+@@ -259,6 +262,7 @@
#
allow xenconsoled_t self:capability { dac_override fsetid ipc_lock };
@@ -36627,7 +36653,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms;
allow xenconsoled_t self:fifo_file rw_fifo_file_perms;
-@@ -279,6 +282,7 @@
+@@ -279,6 +283,7 @@
domain_dontaudit_ptrace_all_domains(xenconsoled_t)
@@ -36635,7 +36661,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
files_read_usr_files(xenconsoled_t)
fs_list_tmpfs(xenconsoled_t)
-@@ -297,6 +301,10 @@
+@@ -297,6 +302,10 @@
xen_manage_log(xenconsoled_t)
xen_stream_connect_xenstore(xenconsoled_t)
@@ -36646,7 +36672,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
########################################
#
# Xen store local policy
-@@ -340,6 +348,9 @@
+@@ -340,6 +349,9 @@
files_read_usr_files(xenstored_t)
@@ -36656,7 +36682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
storage_raw_read_fixed_disk(xenstored_t)
storage_raw_write_fixed_disk(xenstored_t)
storage_raw_read_removable_device(xenstored_t)
-@@ -421,7 +432,14 @@
+@@ -421,7 +433,14 @@
xen_stream_connect_xenstore(xm_t)
optional_policy(`
@@ -36671,11 +36697,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
virt_stream_connect(xm_t)
')
-@@ -438,6 +456,8 @@
+@@ -435,9 +454,14 @@
+ kernel_read_xen_state(xm_ssh_t)
+ kernel_write_xen_state(xm_ssh_t)
+
++ dontaudit xm_ssh_t xm_transition_domain:fifo_file rw_inherited_fifo_file_perms;
++ files_search_tmp(xm_ssh_t)
++
fs_manage_xenfs_dirs(xm_ssh_t)
fs_manage_xenfs_files(xm_ssh_t)
-+userdom_search_admin_dir(xm_ssh_t)
++ userdom_search_admin_dir(xm_ssh_t)
+
#Should have a boolean wrapping these
fs_list_auto_mountpoints(xend_t)
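Review bot: The added `dontaudit xm_ssh_t xm_transition_domain:fifo_file rw_inherited_fifo_file_perms;` has no comment, and a dontaudit rule drops the matching AVC denials from the audit log for every domain carrying the `xm_transition_domain` attribute, so anyone later triaging xm_ssh_t behaviour will not see them unless dontaudit rules are disabled (`semodule -DB`). I would put a one-line rationale above it, for example `# fifo inherited from the calling domain is not used by xm_ssh_t; denial is noise (ref: <BUG-ID placeholder>)`, with the real reference filled in. The same applies to `files_search_tmp(xm_ssh_t)`, which is an actual grant rather than a suppression and presumably answers a specific denial that should be named next to it. The policy block these lines sit in starts and ends outside the hunk, so whether they are wrapped in an `optional_policy` or a tunable cannot be confirmed from here.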
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 358f154..c54e93e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.7.9
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -466,6 +466,9 @@ exit 0
%endif
%changelog
+* Thu Feb 18 2010 Dan Walsh