Fabian Deutsch has uploaded a new change for review. Change subject: selinux: Further updates ......................................................................
selinux: Further updates Change-Id: I87908879b71f1049c37bca876f441415e1a1323d Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 22 insertions(+), 7 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/40/22540/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index d1deafc..4cc486d 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -6,6 +6,7 @@ @SYSTEMD_COMMENT@ type systemd_unit_file_t; type collectd_t; type etc_t; + type getty_t; type initrc_t; type initrc_tmp_t; type init_t; @@ -37,6 +38,7 @@ ') #============= collectd_t ============== +@COLLECTD_COMMENT@allow collectd_t initrc_t:unix_stream_socket connectto; @COLLECTD_COMMENT@allow collectd_t passwd_file_t:file { open read }; @COLLECTD_COMMENT@allow collectd_t virtd_exec_t:file getattr; @COLLECTD_COMMENT@allow collectd_t virt_etc_t:file read; @@ -49,17 +51,15 @@ @SYSTEMD_COMMENT@allow systemd_localed_t systemd_unit_file_t:service start; @SYSTEMD_COMMENT@allow systemd_localed_t ovirt_t:dbus send_msg; -#============= misc ============== -allow mount_t shadow_t:file mounton; -allow setfiles_t net_conf_t:file read; -allow loadkeys_t initrc_tmp_t:file read; -allow policykit_t ovirt_t:dbus send_msg; -allow sshd_net_t initrc_t:process sigchld; -allow sysstat_t var_log_t:file open; +#============= getty_t ============== +allow getty_t var_log_t:file open; #============= initrc_t ============== allow initrc_t sshd_net_t:process dyntransition; allow initrc_t unconfined_t:process dyntransition; + +#============= loadkeys_t ============== +allow loadkeys_t initrc_tmp_t:file read; #============= local_login_t ============== allow local_login_t var_log_t:file { open write create read lock }; 
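Review bot: The added `allow collectd_t initrc_t:unix_stream_socket connectto;` in the collectd_t section (hunk `@@ -37,6 +38,7 @@`) lets collectd connect to the stream socket of any process running as initrc_t, and nothing records which daemon it is meant to reach. initrc_t is a catch-all domain, and the context lines of the next hunk show it may dyntransition to unconfined_t, so the peer set is broad. I would add a comment above the rule naming the peer, e.g. `# collectd plugin connects to the <daemon> socket, which still runs as initrc_t` (placeholder, fill in the real daemon). The longer-term fix is to give that daemon its own domain so the rule can target it alone.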
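Review bot: The new `allow getty_t var_log_t:file open;` (hunk `@@ -49,17 +51,15 @@`) grants `open` without read, write or append, which is not enough for getty to use the file. It looks like a single AVC denial turned into a rule, though the denial itself is not shown. var_log_t is the generic log type, so the rule applies to every file carrying that label rather than the one file getty touched. Add a comment naming the path, e.g. `# getty opens <log file path>; generic var_log_t label` (placeholder path), and check whether that file should carry a more specific type instead. The relocated `allow sysstat_t var_log_t:file open;` in the `@@ -67,9 +67,24 @@` hunk has the same shape.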
@@ -67,9 +67,24 @@ #============= logrotate_t ============== allow logrotate_t virt_cache_t:dir read; +#============= mount_t ============== +allow mount_t shadow_t:file mounton; + +#============= policykit_t ============== +allow policykit_t ovirt_t:dbus send_msg; + +#============= setfiles_t ============== +allow setfiles_t net_conf_t:file read; + +#============= sshd_t ============== +allow sshd_net_t initrc_t:process sigchld; + #============= svirt_t ============== allow svirt_t initrc_t:unix_stream_socket connectto; +#============= sysstat_t ============== +allow sysstat_t var_log_t:file open; + #============= tuned_t ============== allow tuned_t ovirt_t:dbus send_msg; -- To view, visit http://gerrit.ovirt.org/22540 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I87908879b71f1049c37bca876f441415e1a1323d Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
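Review bot: The new header `#============= sshd_t ==============` sits above `allow sshd_net_t initrc_t:process sigchld;`, whose source domain is sshd_net_t, so the section is mislabelled and should read `#============= sshd_net_t ==============`. Every other section introduced in this hunk is named after the source type of its rule, and a wrong header makes the rule easy to miss when auditing by domain. Separately, `allow mount_t shadow_t:file mounton;` is sensitive enough to deserve a one-line comment saying why mount needs to mount over a shadow_t file, and moving it out of "misc" is a good moment to add one.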
