Fabian Deutsch has uploaded a new change for review. Change subject: update selinux module ......................................................................
update selinux module Change-Id: I5cf1e582dbabdf17477554ea0263084a976d8709 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1033064 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 28 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/48/30448/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index d42a934..f9d647e 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -14,8 +14,11 @@
 @SEMODULE_WITH_SYSTEMD@ type sshd_net_t;
 @SEMODULE_WITH_SYSTEMD@ type systemd_localed_t;
 @SEMODULE_WITH_SYSTEMD@ type systemd_unit_file_t;
+@COLLECTD_COMMENT@ type collectd_t;
+ type etc_t;
 type dmesg_t;
 type getty_t;
+ type init_t;
 type initrc_t;
 type initrc_tmp_t;
 type init_t;
@@ -26,11 +29,13 @@
 type logrotate_t;
 type mount_t;
 type net_conf_t;
+ type passwd_file_t;
 type policykit_t;
 type sanlock_t;
 type setfiles_t;
 type shadow_t;
 type sshd_t;
+ type sshd_net_t;
 type svirt_t;
 type syslogd_t;
 type sysstat_t;
@@ -41,7 +46,12 @@
 type var_log_t;
 type var_lib_t;
 type virt_cache_t;
+ type virt_etc_t;
+ type virt_var_run_t;
+ type virtd_exec_t;
+ type virtd_t;
 ')
+ #============= collectd_t ==============
 @SEMODULE_NOT_EL6@allow collectd_t initrc_t:unix_stream_socket connectto;
@@ -50,6 +60,7 @@
 @SEMODULE_NOT_EL6@allow collectd_t virt_etc_t:file read;
 @SEMODULE_NOT_EL6@allow collectd_t virt_var_run_t:sock_file write;
 @SEMODULE_NOT_EL6@allow collectd_t virtd_t:unix_stream_socket connectto;
+ #============= systemd_localed_t ==============
 @SEMODULE_WITH_SYSTEMD@allow systemd_localed_t etc_t:file { write rename create setattr };
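Review bot: The `type init_t;` added in the first hunk duplicates the `type init_t;` that already sits three lines further down in the same block (visible as context), and the `type sshd_net_t;` added in the second hunk repeats the `@SEMODULE_WITH_SYSTEMD@ type sshd_net_t;` entry at the top of the first hunk whenever that guard is active. Drop the new `type init_t;`, and because `sshd_net_t` is now required unconditionally, remove the guarded entry rather than keeping both. An unconditional requirement presumably also makes the module fail to load on a build whose base policy does not define `sshd_net_t`, which is worth confirming for the non-systemd target. The require block starts outside these hunks.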
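Review bot: The requirements and the rules for collectd are gated by different substitutions: the first hunk adds `@COLLECTD_COMMENT@ type collectd_t;`, while every `allow collectd_t …` rule shown as context in the third and fourth hunks is gated by `@SEMODULE_NOT_EL6@`. If the two can ever expand differently, the rules reference a type that was never required and the module will not compile, so use the same guard on both, e.g. `@SEMODULE_NOT_EL6@ type collectd_t;`. Of the four types added in the third hunk, `virtd_exec_t` is not used by any rule visible in this change; if nothing outside the hunks uses it, leave it out so the module does not depend on a type it never references.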
@@ -373,6 +384,23 @@
+#============= initrc_t ==============
+allow initrc_t sshd_net_t:process dyntransition;
+allow initrc_t unconfined_t:process dyntransition;
+
+#============= local_login_t ==============
+allow local_login_t var_log_t:file open;
+
+#============= logrotate_t ==============
+allow logrotate_t virt_cache_t:dir read;
+
+#============= svirt_t ==============
+allow svirt_t initrc_t:unix_stream_socket connectto;
+
+#============= tuned_t ==============
+allow tuned_t ovirt_t:dbus send_msg;
+
+
 type ovirt_t;
 type ovirt_exec_t;
 init_daemon_domain(ovirt_t, ovirt_exec_t)
-- To view, visit http://gerrit.ovirt.org/30448 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5cf1e582dbabdf17477554ea0263084a976d8709 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
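Review bot: `allow initrc_t unconfined_t:process dyntransition;` lets every process running as `initrc_t` relabel itself to `unconfined_t` with no exec boundary, so the confinement of all init scripts, and of anything a compromised service in that domain runs, depends on none of them calling setcon. The rules read like unreviewed audit2allow output; if one specific program needs the transition, give it its own domain and entry point instead, or at least record the reason above the rule, e.g. `# rhbz#1033064: <program that calls setcon() and why>`. The same concern applies to `allow svirt_t initrc_t:unix_stream_socket connectto;`, which lets confined guest processes connect to the sockets of any daemon still running as `initrc_t`. `unconfined_t`, `local_login_t` and `tuned_t` are not added to the require block in the hunks shown, so confirm they are already declared there.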
