Douglas Schilling Landgraf has posted comments on this change. Change subject: semodule: update iptables module ......................................................................
Patch Set 2: (1 comment) https://gerrit.ovirt.org/#/c/51452/2/semodule/ovirt.te.in File semodule/ovirt.te.in: Line 484: type iptables_t; Line 485: type insmod_t; Line 486: type var_lib_t; Line 487: class dir { write remove_name create add_name }; Line 488: class file { write create unlink open }; > Are you sure we need to import the classes? Did you try it without? I didn't tried locally, I have build an image with it and users reported it worked to him. If it's not urgent bug, I can prepare a setup later this week. Line 489: } Line 490: allow iptables_t tmpfs_t:dir search; Line 491: allow iptables_t insmod_t:process { siginh rlimitinh noatsecure }; Line 492: allow iptables_t user_tmpfs_t:file { read open getattr }; -- To view, visit https://gerrit.ovirt.org/51452 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ie7f9a58b111ec80d662020ef3849aa1b7e614d4d Gerrit-PatchSet: 2 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Douglas Schilling Landgraf <[email protected]> Gerrit-Reviewer: Douglas Schilling Landgraf <[email protected]> Gerrit-Reviewer: Fabian Deutsch <[email protected]> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: gerrit-hooks <[email protected]> Gerrit-HasComments: Yes _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
