From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with SMTP id l7NHgltd011419 for ; Thu, 23 Aug 2007 13:42:47 -0400 Received: from exchange.columbia.tresys.com (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with SMTP id l7NHgknv000535 for ; Thu, 23 Aug 2007 17:42:47 GMT Subject: Re: [PATCH] refpolicy: apps_vmware changes From: "Christopher J. PeBenito" To: Tom London Cc: Daniel J Walsh , selinux@tycho.nsa.gov In-Reply-To: <4c4ba1530708221752q6ba5f9dy7a1ec67f9c6f8956@mail.gmail.com> References: <200708021956.l72Ju2S3029420@redsox.boston.devel.redhat.com> <1187812502.13874.98.camel@gorn> <46CCAC4B.1060506@redhat.com> <4c4ba1530708221752q6ba5f9dy7a1ec67f9c6f8956@mail.gmail.com> Content-Type: text/plain Date: Thu, 23 Aug 2007 17:41:50 +0000 Message-Id: <1187890910.13874.140.camel@gorn> Mime-Version: 1.0 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Wed, 2007-08-22 at 17:52 -0700, Tom London wrote: > On 8/22/07, Daniel J Walsh wrote: > > Christopher J. PeBenito wrote: > > > On Thu, 2007-08-02 at 15:56 -0400, dwalsh@redhat.com wrote: > > >> Fixes for vmware > > >> @@ -29,7 +29,7 @@ > > >> > > >> allow vmware_host_t self:capability { setuid net_raw }; > > >> dontaudit vmware_host_t self:capability sys_tty_config; > > >> -allow vmware_host_t self:process signal_perms; > > >> +allow vmware_host_t self:process { execstack execmem signal_perms }; > > >> allow vmware_host_t self:fifo_file rw_fifo_file_perms; > > >> allow vmware_host_t self:unix_stream_socket create_stream_socket_perms; > > >> allow vmware_host_t self:rawip_socket create_socket_perms; > > > > > > Which version of vmware requires this? Other parts merged. > > >> > > I think these came from Tom? > > I'm running VMWare Workstation 6.0. > > Need me to recreate? Mainly I want to write a comment in the policy since previous workstation versions didn't need it. However, if if there has been a vmware update since you hit this, it would be good to verify the rules are still required. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.