Fabian Deutsch has uploaded a new change for review. Change subject: selinux: More permissions ......................................................................
selinux: More permissions Change-Id: Id238a01083292be24327fffbc32b9bc51f2e6c50 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1039563 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 14 insertions(+), 6 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/49/30449/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index f9d647e..fd0545d 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -15,6 +15,9 @@ @SEMODULE_WITH_SYSTEMD@ type systemd_localed_t; @SEMODULE_WITH_SYSTEMD@ type systemd_unit_file_t; @COLLECTD_COMMENT@ type collectd_t; +@SYSTEMD_COMMENT@ type systemd_localed_t; +@SYSTEMD_COMMENT@ type systemd_unit_file_t; + type collectd_t; type etc_t; type dmesg_t; type getty_t; @@ -34,11 +37,10 @@ type sanlock_t; type setfiles_t; type shadow_t; - type sshd_t; type sshd_net_t; + type sshd_t; type svirt_t; type syslogd_t; - type sysstat_t; type tuned_t; type tmpfs_t; type unconfined_t; @@ -46,10 +48,10 @@ type var_log_t; type var_lib_t; type virt_cache_t; - type virt_etc_t; - type virt_var_run_t; type virtd_exec_t; type virtd_t; + type virt_etc_t; + type virt_var_run_t; ') @@ -383,13 +385,12 @@ - #============= initrc_t ============== allow initrc_t sshd_net_t:process dyntransition; allow initrc_t unconfined_t:process dyntransition; #============= local_login_t ============== -allow local_login_t var_log_t:file open; +allow local_login_t var_log_t:file { open write create read lock }; #============= logrotate_t ============== allow logrotate_t virt_cache_t:dir read; 
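Review bot: The unconditional `type collectd_t;` added in the first hunk appears to defeat the `@COLLECTD_COMMENT@ type collectd_t;` guard kept just above it, as far as the collapsed hunk shows. With the type always required, installing the module on a host without the collectd policy would presumably fail. The two added `@SYSTEMD_COMMENT@` lines also repeat the types already required by the `@SEMODULE_WITH_SYSTEMD@` lines, so one of the two substitution prefixes looks stale. I would keep a single guarded line per type, e.g. `@COLLECTD_COMMENT@ type collectd_t;`, and drop the unguarded one. The require block opens before this hunk, so the rest of it is not visible here.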
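Review bot: The widened rule `allow local_login_t var_log_t:file { open write create read lock };` in the fourth hunk lets the login domain create and overwrite any file carrying the generic `var_log_t` label. That is broader than a login program normally needs and weakens log integrity if the login process is ever compromised. If the denial comes from one specific file, giving that file its proper label (or a dedicated type with a type transition) is the narrower fix. If the rule has to stay, `append` instead of `write` would keep existing log content from being rewritten. Please also add a comment above it naming the denial and the bug, e.g. `# Bug-Url: <BUG_URL> - local_login_t denied on <FILE>`, the way the iscsid_t block in the last hunk does.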
@@ -400,6 +401,13 @@ #============= tuned_t ============== allow tuned_t ovirt_t:dbus send_msg; +# Remove this block once the bug is solved +# Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1025401 +#============= iscsid_t ============== +allow iscsid_t iscsi_var_lib_t:dir { write remove_name create add_name rmdir }; +allow iscsid_t iscsi_var_lib_t:file { write create unlink }; +allow iscsid_t iscsi_var_lib_t:lnk_file { create unlink }; + type ovirt_t; type ovirt_exec_t; -- To view, visit http://gerrit.ovirt.org/30449 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id238a01083292be24327fffbc32b9bc51f2e6c50 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
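Review bot: The new iscsid_t rules use `iscsid_t`, `iscsi_var_lib_t` and the `lnk_file` class, but none of the earlier hunks adds them to the require block, so the module will not compile unless they are already declared in a part of the file not shown here. If they are missing, add `type iscsid_t;` and `type iscsi_var_lib_t;` to the require list. The temporary block also has no end marker, so the following `type ovirt_t;` reads as part of it; a closing comment such as `# End of workaround for rhbz#1025401` would make the later removal safe. Since the block grants directory create/rmdir and file unlink under `iscsi_var_lib_t`, the removal should be tied to the policy version that fixes the bug so the workaround does not outlive it.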
