Fabian Deutsch has uploaded a new change for review. Change subject: selinux: Add few more rules ......................................................................
selinux: Add few more rules Change-Id: I2ef51391a065e7191f9bde2db460724fee9a8407 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 8 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/49/46749/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index 8ed0fd7..0775204 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -295,6 +295,7 @@ allow iscsid_t iscsi_var_lib_t:file { write create unlink }; allow iscsid_t iscsi_var_lib_t:lnk_file { create unlink }; + optional_policy(` require { type kdumpctl_tmp_t; @@ -302,6 +303,12 @@ allow iscsid_t kdumpctl_tmp_t:fifo_file write; ') +optional_policy(` + require { + type modules_dep_t; + } + allow iscsid_t modules_dep_t:file { read }; +') #============= ping_t ============== require { @@ -489,6 +496,7 @@ type rpcbind_t; } allow rpcbind_t self:udp_socket listen; + allow rpcbind_t self:capability chown; allow rpcbind_t tmpfs_t:dir search; ') -- To view, visit https://gerrit.ovirt.org/46749 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I2ef51391a065e7191f9bde2db460724fee9a8407 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: ovirt-3.6 Gerrit-Owner: Fabian Deutsch <[email protected]> Gerrit-Reviewer: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
