Fabian Deutsch has uploaded a new change for review.

Change subject: selinux: Some more rules
selinux: Some more rules Needed for el7. Change-Id: If30e1fd14e2a51a41d0e21e4aafacf17ffed470a Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1120650 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 18 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/78/33078/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index 0be89d6..bb0b3e6 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -48,6 +48,10 @@ ') +#============= avahi_t ============== +allow avahi_t tmpfs_t:file { read getattr open }; + + #============= collectd_t ============== @SEMODULE_NOT_EL6@allow collectd_t initrc_t:unix_stream_socket connectto; @SEMODULE_NOT_EL6@allow collectd_t passwd_file_t:file { open read }; @@ -55,6 +59,19 @@ @SEMODULE_NOT_EL6@allow collectd_t virt_etc_t:file read; @SEMODULE_NOT_EL6@allow collectd_t virt_var_run_t:sock_file write; @SEMODULE_NOT_EL6@allow collectd_t virtd_t:unix_stream_socket connectto; + + +#============= dnsmasq_t ============== +optional_policy(` + require { + type dnsmasq_t; + } + allow dnsmasq_t tmpfs_t:dir search; +') + + +#============= sanlock_t ============== +allow sanlock_t tmpfs_t:dir search; #============= systemd_localed_t ============== @@ -143,6 +160,7 @@ } allow snmpd_t device_t:sock_file write; allow snmpd_t ovirt_t:unix_dgram_socket sendto; +allow snmpd_t tmpfs_t:file { read getattr open }; #============= sshd_t ============== allow sshd_t var_log_t:file { read open write }; -- To view, visit http://gerrit.ovirt.org/33078 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If30e1fd14e2a51a41d0e21e4aafacf17ffed470a Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
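Review bot: In the first hunk (@@ -48,6 +48,10 @@), the new `allow avahi_t tmpfs_t:file { read getattr open };` is unconditional, although the commit message says the rules are needed for el7 and the collectd_t rules right below it carry the @SEMODULE_NOT_EL6@ prefix. If the denial only shows up on el7, prefix this line the same way. The rule also names avahi_t with no require or optional_policy block visible around it; wrapping it the way the dnsmasq_t rule in this patch is wrapped would keep the module loadable on images where the avahi policy is not installed.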
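Review bot: In the second hunk (@@ -55,6 +59,19 @@), `allow sanlock_t tmpfs_t:dir search;` is added bare, directly after a dnsmasq_t rule that is wrapped in optional_policy with a require for its type. Please treat the two consistently: either put sanlock_t in its own optional_policy block with `type sanlock_t;` required, or note in the commit message why sanlock_t can be assumed present while dnsmasq_t cannot. Neither rule has the @SEMODULE_NOT_EL6@ prefix that the collectd_t lines just above use, which is worth a second look given the "Needed for el7" description.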
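Review bot: In the third hunk (@@ -143,6 +160,7 @@), `allow snmpd_t tmpfs_t:file { read getattr open };` grants snmpd_t read access to every file carrying the generic tmpfs_t label, not only the file behind the denial. The commit message does not quote the AVC or name the path being read, so the scope cannot be checked from the patch; please add the denial to the message. If the file is written by one known domain, giving it a dedicated type and allowing that type here would be tighter than opening tmpfs_t as a whole. The same applies to the identical avahi_t permission set in the first hunk.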
