This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Just adding zfs to the list of defined filesystems in filesystem.te
Signed-off-by: Matthew Thode <mthode@mthode.org>
This process is not allowed to interact with subjects or operate on
objects that it would otherwise be able to interact with or operate on
respectively.
This is, i think, to make sure that specified processes cannot interact
with subject or operate on objects regardless of its mcs range.
It is used by svirt and probably also by sandbox
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Currently, the files_manage_generic_locks only handles the lock files. If a
domain needs to manage both lock files and the lock directories (like specific
subdirectories in /var/lock that are not owned by a single other domain, such as
Gentoo's /var/lock/subsys location) it also needs the manage permissions on the
directory.
This is to support OpenRC's migration of /var/lock to /run/lock which otherwise
fails:
* Migrating /var/lock to /run/lock
cp: cannot create directory '/run/lock/subsys': Permission denied
rm: cannot remove '/var/lock/subsys': Permission denied
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This interface will be used by domains that need to manage the various pidfile
content (*_var_run_t).
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Used by kernel to communicate with user space (cachefilesd)
Label the character file accordingly
Create a dev_rw_cachefiles_dev() for cachefilesd
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Intel® AMT Linux support includes two components that allow interaction
between the Intel® AMT FW and the Linux OS: Intel® MEI (Intel® Management Engine Interface)
driver and LMS (Local Management Service) driver. Intel® MEI driver
allows application to communicate with the FW using host interface,
and LMS driver allows applications to access the Intel® AMT FW via the
local Intel® Management Engine Interface (Intel® MEI).
In addition, Intel has validated a kernel patch to enable
IDE-redirection. This is a community maintained patch, but Intel is
distributing the version used in the validation of the other Intel® AMT
components released here:
http://software.intel.com/en-us/articles/download-the-latest-intel-amt-open-source-drivers/
Declare a mei_device_t device node tyoe and label /dev/mei accordingly.
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
