diff --git a/policy/modules/roles/xguest.te b/policy/modules/roles/xguest.te index 19f531d..26e4db5 100644 --- a/policy/modules/roles/xguest.te +++ b/policy/modules/roles/xguest.te @@ -1,5 +1,5 @@ -policy_module(xguest, 1.0.0) +policy_module(xguest, 1.0.1) ######################################## # @@ -36,6 +36,20 @@ userdom_restricted_xwindows_user_template(xguest) # Local policy # +ifndef(`enable_mls',` + fs_exec_noxattr(xguest_t) + + tunable_policy(`user_rw_noexattrfile',` + fs_manage_noxattr_fs_files(xguest_t) + fs_manage_noxattr_fs_dirs(xguest_t) + # Write floppies + storage_raw_read_removable_device(xguest_t) + storage_raw_write_removable_device(xguest_t) + ',` + storage_raw_read_removable_device(xguest_t) + ') +') + # Allow mounting of file systems optional_policy(` tunable_policy(`xguest_mount_media',` @@ -77,6 +91,8 @@ optional_policy(` optional_policy(` tunable_policy(`xguest_connect_network',` networkmanager_dbus_chat(xguest_t) + corenet_tcp_connect_pulseaudio_port(xguest_t) + corenet_tcp_connect_ipp_port(xguest_t) ') ')