From: Ralf Ertzinger Date: Mon, 24 Aug 2015 17:53:12 +0000 (+0000) Subject: quake2: Add execmem support X-Git-Url: https://git.camperquake.de/gitweb.cgi?a=commitdiff_plain;h=d12d416c4cc74cb51c78dc2f8afd02c869199073;hp=4ebaca99cf2410432f43b8bdb1511de169643e4e;p=selinux.git quake2: Add execmem support
---
diff --git a/quake2/quake2.fc b/quake2/quake2.fc
index 0ae0145..eb03638 100644
--- a/quake2/quake2.fc
+++ b/quake2/quake2.fc
@@ -1,7 +1,7 @@
-/etank/games/quake2/quake2/quake2ded -- gen_context(system_u:object_r:quake2_exec_t,s0)
-/etank/games/quake2/quake2/.*/gamex86_64.so -- gen_context(system_u:object_r:quake2_exec_t,s0)
-/etank/games/quake2/quake2(/.*)? gen_context(system_u:object_r:quake2_ro_t,s0)
-/etank/games/quake2/quake2/lithium/save(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
-/etank/games/quake2/quake2/lithium/log(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
-/etank/games/quake2/quake2/lithium/.*log gen_context(system_u:object_r:quake2_rw_t,s0)
-#/etank/games/quake2/.quake2(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
+/etank/games/quake2/quake2/quake2ded([^/]*)? -- gen_context(system_u:object_r:quake2_exec_t,s0)
+/etank/games/quake2/quake2/.*/game(x86_64|i386)\.so -- gen_context(system_u:object_r:quake2_exec_t,s0)
+/etank/games/quake2/quake2(/.*)? gen_context(system_u:object_r:quake2_ro_t,s0)
+/etank/games/quake2/quake2/lithium/save(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
+/etank/games/quake2/quake2/lithium/log(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
+/etank/games/quake2/quake2/lithium/.*log gen_context(system_u:object_r:quake2_rw_t,s0)
+#/etank/games/quake2/.quake2(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
diff --git a/quake2/quake2.te b/quake2/quake2.te
index 1991c36..b1f62ec 100644
--- a/quake2/quake2.te
+++ b/quake2/quake2.te
@@ -1,4 +1,4 @@
-policy_module(quake2, 0.1.1)
+policy_module(quake2, 0.1.5)
 # File context for the executable process type quake2_t;
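Review bot: In the quake2.fc hunk, the new pattern `quake2ded([^/]*)?` gives `quake2_exec_t` to every regular file in that directory whose name merely starts with `quake2ded`, so a stray backup or log file with that prefix would pick up the executable type on the next relabel. If only specific variants of the binary are meant, spell them out, e.g. `quake2ded(-SUFFIX)?` with the real suffixes in place of the placeholder; the trailing `?` is also redundant after `*`. The commit message mentions only execmem, so a one-line comment above these entries saying why the binary and `game(x86_64|i386)\.so` patterns were widened would help the next reader. Five of the seven entries appear to differ from the old side only in whitespace.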
@@ -30,3 +30,5 @@ setattr_files_pattern(quake2_t, quake2_rw_t, quake2_rw_t) sysnet_dns_name_resolve(quake2_t) files_tmp_filetrans(quake2_t, quake2_tmp_t, { file dir})
+
+allow quake2_t self:process execmem;
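Review bot: The added `allow quake2_t self:process execmem;` is unconditional and carries no comment, although execmem lets the domain map memory that is both writable and executable, and the same domain is granted `sysnet_dns_name_resolve` a few lines above. Record the reason next to the rule, for example `# execmem: needed by COMPONENT (placeholder), see the AVC denial that prompted it`, so the permission can be dropped once that component no longer needs it. If the requirement applies only to some builds (the same commit starts matching a `gamei386.so`), consider moving the rule into a `tunable_policy` block behind a `gen_tunable` boolean that defaults to false, so it can be switched off without rebuilding the module.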