Fabian Deutsch has uploaded a new change for review. Change subject: selinux: More permissions ......................................................................
selinux: More permissions Change-Id: Ia37aa8a6996ac39ec68633ebbc955cd4ba53df20 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1039563 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 3 insertions(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/00/22500/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index b112741..57cd07e 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -48,14 +48,15 @@ allow setfiles_t net_conf_t:file read; allow loadkeys_t initrc_tmp_t:file read; allow policykit_t ovirt_t:dbus send_msg; -allow local_login_t var_log_t:file { write create }; +allow sshd_net_t initrc_t:process sigchld; +allow sysstat_t var_log_t:file open; #============= initrc_t ============== allow initrc_t sshd_net_t:process dyntransition; allow initrc_t unconfined_t:process dyntransition; #============= local_login_t ============== -allow local_login_t var_log_t:file open; +allow local_login_t var_log_t:file { open write create read lock }; #============= logrotate_t ============== allow logrotate_t virt_cache_t:dir read; -- To view, visit http://gerrit.ovirt.org/22500 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia37aa8a6996ac39ec68633ebbc955cd4ba53df20 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: node-3.0 Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
