From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 31 Dec 2012 23:52:30 +0100
Subject: [refpolicy] [PATCH 11/12] Allow qemu to create TCP sockets (VNC
	support)
In-Reply-To: <1356994351-29191-1-git-send-email-sven.vermeulen@siphos.be>
References: <1356994351-29191-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1356994351-29191-12-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

To support binding to a VNC server (as well as GDB remote support), allow
qemu_t to create a tcp_socket.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 qemu.te |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/qemu.te b/qemu.te
index 2e824eb..672acfb 100644
--- a/qemu.te
+++ b/qemu.te
@@ -28,6 +28,8 @@ role qemu_roles types qemu_t;
 #
 
 tunable_policy(`qemu_full_network',`
+	allow qemu_t self:tcp_socket create_stream_socket_perms;
+
 	corenet_udp_sendrecv_generic_if(qemu_t)
 	corenet_udp_sendrecv_generic_node(qemu_t)
 	corenet_udp_sendrecv_all_ports(qemu_t)
-- 
1.7.8.6