Douglas Schilling Landgraf has uploaded a new change for review. Change subject: semodule: update iptables module ......................................................................
semodule: update iptables module Thanks for Charlie Inglese <[email protected]> for reporting. Change-Id: Ie7f9a58b111ec80d662020ef3849aa1b7e614d4d Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1294517 Signed-off-by: Douglas Schilling Landgraf <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 5 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/52/51452/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index 48c2851..659c325 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -483,10 +483,15 @@ require { type iptables_t; type insmod_t; + type var_lib_t; + class dir { write remove_name create add_name }; + class file { write create unlink open }; } allow iptables_t tmpfs_t:dir search; allow iptables_t insmod_t:process { siginh rlimitinh noatsecure }; allow iptables_t user_tmpfs_t:file { read open getattr }; + allow iptables_t var_lib_t:dir { write remove_name create add_name }; + allow iptables_t var_lib_t:file { write create unlink open }; ') #============= init_t ============== -- To view, visit https://gerrit.ovirt.org/51452 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie7f9a58b111ec80d662020ef3849aa1b7e614d4d Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Douglas Schilling Landgraf <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
