Douglas Schilling Landgraf has uploaded a new change for review.

Change subject: ovirt.te: passwd_file_t rules
ovirt.te: passwd_file_t rules Adds required types for passwd_file_t to work both in EL6 and EL7. Change-Id: I54eaf09cc501b5ce918e4ac1f2586472f46b45a6 Signed-off-by: Douglas Schilling Landgraf <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 19 insertions(+), 9 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/54/33554/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index 5c92300..3e1d80b 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -3,9 +3,7 @@ # Existence of types can be checked at runtime using: # seinfo -t<type> gen_require(` -@SEMODULE_NOT_EL6@ type collectd_t; @SEMODULE_NOT_EL6@ type NetworkManager_t; -@SEMODULE_NOT_EL6@ type passwd_file_t; @SEMODULE_WITH_SYSTEMD@ type systemd_localed_t; @SEMODULE_WITH_SYSTEMD@ type systemd_unit_file_t; @SEMODULE_WITH_SYSTEMD@ type systemd_localed_t; @@ -58,12 +56,18 @@ #============= collectd_t ============== -@SEMODULE_NOT_EL6@allow collectd_t initrc_t:unix_stream_socket connectto; -@SEMODULE_NOT_EL6@allow collectd_t passwd_file_t:file { open read }; -@SEMODULE_NOT_EL6@allow collectd_t virtd_exec_t:file getattr; -@SEMODULE_NOT_EL6@allow collectd_t virt_etc_t:file read; -@SEMODULE_NOT_EL6@allow collectd_t virt_var_run_t:sock_file write; -@SEMODULE_NOT_EL6@allow collectd_t virtd_t:unix_stream_socket connectto; +optional_policy(` + require { + type collectd_t; + type passwd_file_t; + } + allow collectd_t passwd_file_t:file { open read }; + allow collectd_t initrc_t:unix_stream_socket connectto; + allow collectd_t virtd_exec_t:file getattr; + allow collectd_t virt_etc_t:file read; + allow collectd_t virt_var_run_t:sock_file write; + allow collectd_t virtd_t:unix_stream_socket connectto; +') #============= dnsmasq_t ============== 
@@ -125,10 +129,16 @@ require { type local_login_t; } + +optional_policy(` + require { + type passwd_file_t; + } + allow local_login_t passwd_file_t:file write; +') allow local_login_t auditd_log_t:dir { search write add_name }; allow local_login_t auditd_log_t:file { write lock create open read }; allow local_login_t chkpwd_t:process { siginh rlimitinh noatsecure }; -allow local_login_t passwd_file_t:file write; allow local_login_t shadow_t:file { write rename create unlink setattr }; allow local_login_t tmpfs_t:dir { write remove_name add_name }; allow local_login_t var_log_t:file { open write create read lock }; -- To view, visit http://gerrit.ovirt.org/33554 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I54eaf09cc501b5ce918e4ac1f2586472f46b45a6 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Douglas Schilling Landgraf <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
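Review bot: In the first hunk (@@ -3,9 +3,7 @@), dropping "type collectd_t;" and "type passwd_file_t;" from the top-level gen_require means every rule that names either type now has to live inside one of the new optional_policy blocks, so please grep the rest of ovirt.te.in for any remaining reference outside them before merging. While this block is being touched, the context also shows "@SEMODULE_WITH_SYSTEMD@ type systemd_localed_t;" listed twice; the second copy can go.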
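Review bot: In the collectd_t hunk (@@ -58,12 +56,18 @@), the single optional_policy block ties five rules that have nothing to do with passwd_file_t to that type being present: if passwd_file_t cannot be resolved, the initrc_t, virtd_exec_t, virt_etc_t, virt_var_run_t and virtd_t rules are silently dropped along with "allow collectd_t passwd_file_t:file { open read };". Consider two blocks, one requiring only collectd_t for those five rules and a second requiring collectd_t and passwd_file_t for the passwd read rule, so each rule depends only on the types it uses. The block's require also lists only collectd_t and passwd_file_t, while the rules reference initrc_t, virtd_exec_t, virt_etc_t, virt_var_run_t and virtd_t; please confirm those are required at module scope or add them here.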
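Review bot: In the local_login_t hunk (@@ -125,10 +129,16 @@), "allow local_login_t passwd_file_t:file write;" gives the login domain write access to the passwd file label and is now wrapped so that it disappears without any message when passwd_file_t is absent; a one-line comment above the block saying why login needs this write, and what is expected to happen on the platform where the type does not exist, would make that intent reviewable. As a style point, the new block and its leading blank line sit between the require and the first allow rule; placing it after the local_login_t allow list keeps the unconditional rules together.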
