From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 23 Feb 2010 16:26:29 -0500
Subject: [refpolicy] system_xen.patch
Message-ID: <4B844805.1080604@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_xen.patch

+ xen_stream_connect_xm(vhostmd_t)

Added an attribute xm_transition_domain which all domains that transition to xm will get.

+ dontaudit xm_ssh_t xm_transition_domain:fifo_file rw_inherited_fifo_file_perms;

Then basically dontaudit domains that xm transitions to.

Lots of access to handle using libvirt stuff.
Policy for using xenfs
Transitions to ptchown from xenconsoled
xenconsoled reads etc files
Sets rlimit
Allow domains to run from system_r
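
Review bot: The dontaudit on the xm_ssh_t line is written against the whole xm_transition_domain attribute, so it silences rw_inherited_fifo_file_perms denials on fifo_file for every domain that carries the attribute, and nothing next to the rule says why that access is expected and safe to hide. Please add a policy comment stating the reason for the denial being suppressed, and keep the attribute limited to domains that really transition to xm, since each new member widens what this rule hides. When checking the change, the suppressed AVCs can be made visible again by rebuilding the policy with dontaudit rules disabled (semodule -DB).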