[node-patches] Change in ovirt-node[master]: selinux: Updates for auditd changes

Wed, 17 Sep 2014 21:47:07 -0700 

Fabian Deutsch has uploaded a new change for review.

Change subject: selinux: Updates for auditd changes
......................................................................

selinux: Updates for auditd changes

Change-Id: I41c42eea5f41eb38dfa73b22089f1eeb38dca3a5
Signed-off-by: Fabian Deutsch <[email protected]>
---
M semodule/ovirt.te.in
1 file changed, 10 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/27/33027/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index bf41847..c68353a 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -11,6 +11,7 @@
 @SEMODULE_WITH_SYSTEMD@    type systemd_localed_t;
 @SEMODULE_WITH_SYSTEMD@    type systemd_unit_file_t;
 @SEMODULE_WITH_SYSTEMD@    type systemd_hostnamed_t;
+    type auditd_log_t;
     type etc_t;
     type device_t;
     type dmesg_t;
@@ -381,11 +382,13 @@
 
 #============= getty_t ==============
 require {
-type getty_t;
+  type getty_t;
 }
 allow getty_t local_login_t:process { siginh rlimitinh noatsecure };
 allow getty_t var_log_t:file { open write };
 allow getty_t tmpfs_t:dir search;
+allow getty_t auditd_log_t:file { write lock open };
+
 
 
 #============= ifconfig_t ==============
@@ -437,10 +440,16 @@
 
 #============= local_login_t ==============
 allow local_login_t var_log_t:file { open write create read lock };
+allow local_login_t auditd_log_t:dir { write add_name };
+allow local_login_t auditd_log_t:file { write lock create open read };
 
 
 #============= logrotate_t ==============
 allow logrotate_t virt_cache_t:dir read;
+allow logrotate_t auditd_log_t:dir read;
+allow logrotate_t auditd_log_t:file getattr;
+allow logrotate_t virt_cache_t:dir { write remove_name add_name };
+allow logrotate_t virt_cache_t:file { rename setattr read create getattr write 
ioctl unlink open };
 
 
 #============= svirt_t ==============


-- 
To view, visit http://gerrit.ovirt.org/33027
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I41c42eea5f41eb38dfa73b22089f1eeb38dca3a5
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <[email protected]>
_______________________________________________
node-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/node-patches

Reply via email to