Fabian Deutsch has uploaded a new change for review. Change subject: semodule: Fix some incorrect impots ......................................................................
semodule: Fix some incorrect impots sshd_net_t does not exist on el6, thus only include it optionally. Change-Id: I7557545f8678fe238f72754bffe0b10b95bf3404 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 19 insertions(+), 8 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/02/30802/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index b86da7c..6a5d717 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -34,7 +34,6 @@ type sanlock_t; type setfiles_t; type shadow_t; - type sshd_net_t; type sshd_t; type svirt_t; type syslogd_t; @@ -79,7 +78,12 @@ #============= initrc_t ============== -@SEMODULE_WITH_SYSTEMD@allow initrc_t sshd_net_t:process dyntransition; +optional_policy(` + require { + type sshd_net_t; + } + allow initrc_t sshd_net_t:process dyntransition; +') allow initrc_t unconfined_t:process dyntransition; @@ -126,8 +130,16 @@ allow setfiles_t dhcpc_t:udp_socket { read write }; +#============= sshd_net_t ============== +optional_policy(` + require { + type sshd_net_t; + } + allow sshd_net_t initrc_t:process sigchld; +') + + #============= sshd_t ============== -@SEMODULE_WITH_SYSTEMD@allow sshd_net_t initrc_t:process sigchld; allow sshd_t var_log_t:file { read open write }; @@ -411,23 +423,22 @@ ') - -#============= initrc_t ============== -allow initrc_t sshd_net_t:process dyntransition; -allow initrc_t unconfined_t:process dyntransition; - #============= local_login_t ============== allow local_login_t var_log_t:file { open write create read lock }; + #============= logrotate_t ============== allow logrotate_t virt_cache_t:dir read; + #============= svirt_t ============== allow svirt_t initrc_t:unix_stream_socket connectto; + #============= tuned_t ============== allow tuned_t ovirt_t:dbus send_msg; + # Remove this block once the bug is solved # Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1025401 #============= iscsid_t ============== -- To view, visit http://gerrit.ovirt.org/30802 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7557545f8678fe238f72754bffe0b10b95bf3404 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
