From mboxrd@z Thu Jan 1 00:00:00 1970 From: konrad@kernel.org (Konrad Rzeszutek Wilk) Date: Mon, 9 Oct 2017 12:53:43 -0400 Subject: [refpolicy] [refpolicy SELinux PATCH] Updates to SELinux refpolicies to make xenconsoled work. (v1)] Message-ID: <20171009165342.GC9212@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Re-sending as the first didn't hit the refpolicy mailing list. Date: Mon, 9 Oct 2017 11:53:45 -0400 From: Konrad Rzeszutek Wilk To: refpolicy at oss.tresys.com Cc: xen-devel at lists.xenproject.org Subject: [refpolicy SELinux PATCH] Updates to SELinux refpolicies to make xenconsoled work. (v1) Hey! Since Xen 4.6 the xenstored prefers to use /dev/xen/xenbus instead of /proc/xen/xenbus. That wasn't in the original email that Anthony had sent: "[refpolicy] [SELINUX POLICY PATCH] Update for Xen 4.7" http://oss.tresys.com/pipermail/refpolicy/2017-August/009784.html But nonetheless it is needed to make xenconsoled work on Fedora installs. Additionally we also add the 'map' functionality to make the xenconsoled /xenconsole work together. For more details, please see: https://bugzilla.redhat.com/show_bug.cgi?id=1484908 Please merge at your convience. Konrad Rzeszutek Wilk (2): kernel/xen: Update for Xen 4.6 kernel/xen: Add map permission to the dev_rw_xen policy/modules/kernel/devices.fc | 1 + policy/modules/kernel/devices.if | 1 + 2 files changed, 2 insertions(+) ----- End forwarded message ----- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konrad Rzeszutek Wilk Subject: [refpolicy SELinux PATCH] Updates to SELinux refpolicies to make xenconsoled work. (v1)] Date: Mon, 9 Oct 2017 12:53:43 -0400 Message-ID: <20171009165342.GC9212@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e1bJM-0006Wj-1s for xen-devel@lists.xenproject.org; Mon, 09 Oct 2017 16:53:48 +0000 Received: by mail-qt0-f171.google.com with SMTP id v28so35483659qtv.1 for ; Mon, 09 Oct 2017 09:53:46 -0700 (PDT) Content-Disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: refpolicy@oss.tresys.com Cc: xen-devel@lists.xenproject.org List-Id: xen-devel@lists.xenproject.org UmUtc2VuZGluZyBhcyB0aGUgZmlyc3QgZGlkbid0IGhpdCB0aGUgcmVmcG9saWN5IG1haWxpbmcg bGlzdC4KCkRhdGU6IE1vbiwgIDkgT2N0IDIwMTcgMTE6NTM6NDUgLTA0MDAKRnJvbTogS29ucmFk IFJ6ZXN6dXRlayBXaWxrIDxrb25yYWRAa2VybmVsLm9yZz4KVG86IHJlZnBvbGljeUBvc3MudHJl c3lzLmNvbQpDYzogeGVuLWRldmVsQGxpc3RzLnhlbnByb2plY3Qub3JnClN1YmplY3Q6IFtyZWZw b2xpY3kgU0VMaW51eCBQQVRDSF0gVXBkYXRlcyB0byBTRUxpbnV4IHJlZnBvbGljaWVzIHRvIG1h a2UKIHhlbmNvbnNvbGVkIHdvcmsuICh2MSkKCkhleSEKU2luY2UgWGVuIDQuNiB0aGUgeGVuc3Rv cmVkIHByZWZlcnMgdG8gdXNlIC9kZXYveGVuL3hlbmJ1cyBpbnN0ZWFkIG9mIC9wcm9jL3hlbi94 ZW5idXMuClRoYXQgd2Fzbid0IGluIHRoZSBvcmlnaW5hbCBlbWFpbCB0aGF0IEFudGhvbnkgaGFk IHNlbnQ6CgoiW3JlZnBvbGljeV0gW1NFTElOVVggUE9MSUNZIFBBVENIXSBVcGRhdGUgZm9yIFhl biA0LjciCiBodHRwOi8vb3NzLnRyZXN5cy5jb20vcGlwZXJtYWlsL3JlZnBvbGljeS8yMDE3LUF1 Z3VzdC8wMDk3ODQuaHRtbAoKQnV0IG5vbmV0aGVsZXNzIGl0IGlzIG5lZWRlZCB0byBtYWtlIHhl bmNvbnNvbGVkIHdvcmsgb24gRmVkb3JhIGluc3RhbGxzLgoKQWRkaXRpb25hbGx5IHdlIGFsc28g YWRkIHRoZSAnbWFwJyBmdW5jdGlvbmFsaXR5IHRvIG1ha2UgdGhlIHhlbmNvbnNvbGVkCi94ZW5j b25zb2xlIHdvcmsgdG9nZXRoZXIuCgpGb3IgbW9yZSBkZXRhaWxzLCBwbGVhc2Ugc2VlOgogaHR0 cHM6Ly9idWd6aWxsYS5yZWRoYXQuY29tL3Nob3dfYnVnLmNnaT9pZD0xNDg0OTA4CgpQbGVhc2Ug bWVyZ2UgYXQgeW91ciBjb252aWVuY2UuCgpLb25yYWQgUnplc3p1dGVrIFdpbGsgKDIpOgogICAg ICBrZXJuZWwveGVuOiBVcGRhdGUgZm9yIFhlbiA0LjYKICAgICAga2VybmVsL3hlbjogQWRkIG1h cCBwZXJtaXNzaW9uIHRvIHRoZSBkZXZfcndfeGVuCgogcG9saWN5L21vZHVsZXMva2VybmVsL2Rl dmljZXMuZmMgfCAxICsKIHBvbGljeS9tb2R1bGVzL2tlcm5lbC9kZXZpY2VzLmlmIHwgMSArCiAy IGZpbGVzIGNoYW5nZWQsIDIgaW5zZXJ0aW9ucygrKQoKCi0tLS0tIEVuZCBmb3J3YXJkZWQgbWVz c2FnZSAtLS0tLQoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczov L2xpc3RzLnhlbi5vcmcveGVuLWRldmVsCg==