From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Windsor <dwindsor-5TQdPaFcblfQT0dZR+AlfA@public.gmane.org>
Subject: [RFC][PATCH 01/01] SELinux: add VM entrypoint object
 class/permission
Date: Fri, 20 Jul 2007 15:32:23 -0400
Message-ID: <C2C68607.366F%dwindsor@tresys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: Joshua Brindle <jbrindle-5TQdPaFcblfQT0dZR+AlfA@public.gmane.org>
To: selinux <selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
	kvm-devel <kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
Return-path: <kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=kvm-devel>
List-Post: <mailto:kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
List-Help: <mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=subscribe>
Sender: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Errors-To: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: kvm.vger.kernel.org

This patchset modifies libselinux to include the vm object class and the
entrypoint permission for use with the userspace qemu SELinux code.


Index: src/selinux/libselinux/include/selinux/av_permissions.h
===================================================================
--- src.orig/selinux/libselinux/include/selinux/av_permissions.h
2007-07-14 23:55:36.000000000 -0400
+++ src/selinux/libselinux/include/selinux/av_permissions.h     2007-07-15
00:18:59.000000000 -0400
@@ -897,3 +897,4 @@
 #define KEY__CREATE                               0x00000040UL
 #define CONTEXT__TRANSLATE                        0x00000001UL
 #define CONTEXT__CONTAINS                         0x00000002UL
+#define VM__ENTRYPOINT                           0x00000001UL
Index: src/selinux/libselinux/include/selinux/flask.h
===================================================================
--- src.orig/selinux/libselinux/include/selinux/flask.h 2007-07-14
23:55:36.000000000 -0400
+++ src/selinux/libselinux/include/selinux/flask.h      2007-07-15
00:55:14.000000000 -0400
@@ -64,6 +64,7 @@
 #define SECCLASS_PACKET                                  57
 #define SECCLASS_KEY                                     58
 #define SECCLASS_CONTEXT                                 59
+#define SECCLASS_VM                                     60
 
 /*
  * Security identifier indices for initial entities
Index: src/selinux/libselinux/src/class_to_string.h
===================================================================
--- src.orig/selinux/libselinux/src/class_to_string.h   2007-07-14
23:55:36.000000000 -0400
+++ src/selinux/libselinux/src/class_to_string.h        2007-07-15
00:18:59.000000000 -0400
@@ -62,3 +62,4 @@
     S_("packet")
     S_("key")
     S_("context")
+    S_("vm")
Index: src/selinux/libselinux/src/av_perm_to_string.h
===================================================================
--- src.orig/selinux/libselinux/src/av_perm_to_string.h 2007-07-14
23:55:36.000000000 -0400
+++ src/selinux/libselinux/src/av_perm_to_string.h      2007-07-15
00:57:10.000000000 -0400
@@ -267,3 +267,4 @@
     S_(SECCLASS_KEY, KEY__CREATE, "create")
     S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
     S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
+    S_(SECCLASS_VM, VM__ENTRYPOINT, "entrypoint")


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/