Fabian Deutsch has uploaded a new change for review. Change subject: semodule: Remove some duplicate rules ......................................................................
semodule: Remove some duplicate rules and merge some rules. Change-Id: Ia092fb18c738be774dc077f96109028d49778070 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 6 insertions(+), 18 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/81/33481/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index e7b4913..63326d1 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -134,11 +134,6 @@ allow local_login_t var_log_t:dir { write add_name }; -#============= logrotate_t ============== -allow logrotate_t var_lib_t:file write; -allow logrotate_t virt_cache_t:dir { read getattr }; - - #============= mount_t ============== allow mount_t shadow_t:file mounton; allow mount_t unlabeled_t:filesystem remount; @@ -286,6 +281,7 @@ allow systemd_localed_t security_t:file { open read }; ') + #============= rhsmcertd_t ============== optional_policy(` require { @@ -296,6 +292,7 @@ allow rhsmcertd_t auditd_log_t:dir { write getattr add_name search }; allow rhsmcertd_t auditd_log_t:file { create open getattr append }; ') + #============= sblim_sfcbd_t ============== optional_policy(` @@ -409,11 +406,13 @@ allow chkpwd_t tmpfs_t:dir search; allow chkpwd_t file_t:file { read open getattr }; + #============= passwd_t ============== require { type passwd_t; } allow passwd_t file_t:file { read open getattr }; + #============= getty_t ============== require { @@ -424,7 +423,6 @@ allow getty_t tmpfs_t:dir search; allow getty_t auditd_log_t:file { write lock open }; allow getty_t auditd_log_t:dir search; - #============= ifconfig_t ============== 
@@ -475,15 +473,11 @@ #============= logrotate_t ============== -allow logrotate_t virt_cache_t:dir read; allow logrotate_t auditd_log_t:dir read; allow logrotate_t auditd_log_t:file getattr; -allow logrotate_t virt_cache_t:dir { write remove_name add_name }; +allow logrotate_t var_lib_t:file write; +allow logrotate_t virt_cache_t:dir { read getattr write remove_name add_name }; allow logrotate_t virt_cache_t:file { rename setattr read create getattr write ioctl unlink open }; - - -#============= svirt_t ============== -allow svirt_t initrc_t:unix_stream_socket connectto; #============= firewalld_t ============== @@ -496,12 +490,6 @@ ') -# Remove this block once the bug is solved -# Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1025401 -#============= iscsid_t ============== -allow iscsid_t iscsi_var_lib_t:dir { write remove_name create add_name rmdir }; -allow iscsid_t iscsi_var_lib_t:file { write create unlink }; -allow iscsid_t iscsi_var_lib_t:lnk_file { create unlink }; # -- To view, visit http://gerrit.ovirt.org/33481 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia092fb18c738be774dc077f96109028d49778070 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
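Review bot: The merged logrotate_t block on the new side of the `@@ -475,15 +473,11 @@` hunk still carries `allow logrotate_t var_lib_t:file write;`, which grants write on any file with the generic var_lib_t label, and nothing beside the rule says which file needs it. Since the rule is being moved here anyway, I would put a comment above it such as `# needed for <path under /var/lib>; drop once that file has its own type`, so the grant can be narrowed later. The same hunk also deletes `allow svirt_t initrc_t:unix_stream_socket connectto;`, and no second copy of that rule is visible in this diff, so it reads as a policy change rather than a duplicate removal. If that is intended, the commit message should say so, and the same goes for the iscsid_t block removed in the following hunk, whose comment ties its removal to bug 1025401 being solved.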
