Fabian Deutsch has uploaded a new change for review. Change subject: selinux: More permissions ......................................................................
selinux: More permissions Change-Id: Ia37aa8a6996ac39ec68633ebbc955cd4ba53df20 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1039563 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 9 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/98/22198/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index 0a49971..86104cc 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -10,12 +10,17 @@ type virt_var_run_t; type virtd_exec_t; type loadkeys_t; + type local_login_t; + type unconfined_t; type etc_t; type init_t; + type initrc_t; type shadow_t; type passwd_file_t; type systemd_localed_t; type systemd_unit_file_t; + type sshd_net_t; + type sysstat_t; type policykit_t; type local_login_t; type var_log_t; @@ -39,7 +44,10 @@ allow loadkeys_t initrc_tmp_t:file read; allow policykit_t ovirt_t:dbus send_msg; allow local_login_t var_log_t:file { write create }; - +allow initrc_t unconfined_t:process dyntransition; +allow local_login_t var_log_t:file { read lock }; +allow sshd_net_t initrc_t:process sigchld; +allow sysstat_t var_log_t:file open; # Remove this block once the bug is solved # Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1025401 -- To view, visit http://gerrit.ovirt.org/22198 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia37aa8a6996ac39ec68633ebbc955cd4ba53df20 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
