Ryan Barry has uploaded a new change for review. Change subject: SElinux changes for CIM ......................................................................
SElinux changes for CIM New SElinux rules for newer EL Change-Id: I81c1c80944589800b851988e7e24902075579d46 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1120621 Signed-off-by: Ryan Barry <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 22 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/02/34802/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index bb183dc..a35cd60 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -66,6 +66,28 @@ allow hald_t ovirt_t:dbus send_msg; ') +#============= sblim_sfcbd_t ============== +optional_policy(` + require { + type sblim_sfcbd_t; + type virt_var_run_t; + type virt_etc_t; + type virtd_t; + type chkpwd_exec_t; + type user_tmp_t; + } + allow sblim_sfcbd_t chkpwd_exec_t:file { read execute open execute_no_trans }; + allow sblim_sfcbd_t self:capability { setuid audit_write dac_override }; + allow sblim_sfcbd_t self:netlink_audit_socket { nlmsg_relay create write }; + allow sblim_sfcbd_t shadow_t:file { read getattr open }; + allow sblim_sfcbd_t user_tmp_t:sock_file { write unlink }; + allow sblim_sfcbd_t virt_etc_t:file { read open }; + allow sblim_sfcbd_t virt_var_run_t:dir search; + allow sblim_sfcbd_t virt_var_run_t:sock_file write; + + allow sblim_sfcbd_t virtd_t:unix_stream_socket connectto; +') + #============= initrc_t ============== @SEMODULE_WITH_SYSTEMD@allow initrc_t sshd_net_t:process dyntransition; allow initrc_t unconfined_t:process dyntransition; -- To view, visit http://gerrit.ovirt.org/34802 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I81c1c80944589800b851988e7e24902075579d46 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Ryan Barry <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
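Review bot: shadow_t is used in "allow sblim_sfcbd_t shadow_t:file { read getattr open };" but is missing from the require block of this optional_policy, which lists only sblim_sfcbd_t, virt_var_run_t, virt_etc_t, virtd_t, chkpwd_exec_t and user_tmp_t. Unless shadow_t is already required earlier in ovirt.te.in, add "type shadow_t;" so the module does not fail to compile or load. The object classes and permissions used here (file, capability, netlink_audit_socket, sock_file, dir, unix_stream_socket) are not declared in this block either, so it is worth confirming they are required elsewhere in the file. On the rules themselves: granting execute_no_trans on chkpwd_exec_t makes the password helper run inside sblim_sfcbd_t, and that in turn is what forces the direct shadow_t read plus setuid and dac_override on the CIM broker's domain. Consider transitioning to the helper's own domain instead (refpolicy provides auth_domtrans_chk_passwd for this), so that the network-facing daemon does not itself get read access to the shadow file. If the no-transition form is really needed on newer EL, a comment above the block or a line in the commit message noting which AVC denials each rule answers would make the grant reviewable. The "user_tmp_t:sock_file { write unlink }" rule also deserves a short note on which socket it covers, since user_tmp_t is a broad label.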
