Fabian Deutsch has uploaded a new change for review. Change subject: update selinux module ......................................................................
update selinux module Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1033064 Change-Id: I2f42a94450d7365b9d11afcc332810a5f6c65879 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 44 insertions(+), 11 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/97/22497/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index 2763fb3..f3af907 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -1,24 +1,39 @@ policy_module(ovirt, 1.0) gen_require(` - type initrc_tmp_t; - type mount_t; - type setfiles_t; - type net_conf_t; +@COLLECTD_COMMENT@ type collectd_t; +@SYSTEMD_COMMENT@ type systemd_localed_t; +@SYSTEMD_COMMENT@ type systemd_unit_file_t; type collectd_t; - type virt_etc_t; - type virt_var_run_t; - type virtd_exec_t; - type loadkeys_t; type etc_t; + type initrc_t; + type initrc_tmp_t; type init_t; - type shadow_t; + type iscsid_t; + type iscsi_var_lib_t; + type loadkeys_t; + type local_login_t; + type logrotate_t; + type mount_t; + type net_conf_t; type passwd_file_t; + type policykit_t; + type setfiles_t; + type shadow_t; + type sshd_net_t; + type sshd_t; + type svirt_t; + type sysstat_t; type systemd_localed_t; type systemd_unit_file_t; - type policykit_t; - type local_login_t; + type tuned_t; + type unconfined_t; type var_log_t; + type virt_cache_t; + type virtd_exec_t; + type virtd_t; + type virt_etc_t; + type virt_var_run_t; ') #============= collectd_t ============== @@ -26,6 +41,7 @@ @COLLECTD_COMMENT@allow collectd_t virtd_exec_t:file getattr; @COLLECTD_COMMENT@allow collectd_t virt_etc_t:file read; @COLLECTD_COMMENT@allow collectd_t virt_var_run_t:sock_file write; +@COLLECTD_COMMENT@allow collectd_t virtd_t:unix_stream_socket connectto; #============= systemd_localed_t ============== @SYSTEMD_COMMENT@allow systemd_localed_t etc_t:file { write rename create setattr }; @@ -40,6 +56,23 @@ allow policykit_t ovirt_t:dbus send_msg; allow local_login_t var_log_t:file { write create }; +#============= initrc_t ============== +allow initrc_t sshd_net_t:process dyntransition; +allow initrc_t unconfined_t:process dyntransition; + +#============= local_login_t ============== +allow local_login_t var_log_t:file open; + +#============= logrotate_t ============== +allow logrotate_t virt_cache_t:dir read; + +#============= svirt_t ============== +allow svirt_t initrc_t:unix_stream_socket connectto; + +#============= tuned_t ============== +allow tuned_t ovirt_t:dbus send_msg; + + type ovirt_t; type ovirt_exec_t; init_daemon_domain(ovirt_t, ovirt_exec_t) -- To view, visit http://gerrit.ovirt.org/22497 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I2f42a94450d7365b9d11afcc332810a5f6c65879 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
