Re: [ovs-dev] [PATCH v2 4/5] selinux: introduce domain transitioned kmod helper

Mon, 14 May 2018 09:32:27 -0700 

On Fri, 4 May 2018 at 11:28, Aaron Conole <[email protected]> wrote:

> This commit uses the previously defined selinux label to transition
> from the openvswitch_t to openvswitch_load_module_t domain by
> executing ovs-kmod-ctl that is labelled with
> openvswitch_load_module_exec_t type.

> Note that unless the selinux relabel operation is invoked, the script
> will not be labelled.  This merely instructs the selinux tools that
> ovs-kmod-ctl should have a label applied.

> Acked-By: Timothy Redaelli <[email protected]>
> Signed-off-by: Aaron Conole <[email protected]>
Acked-by: Ansis Atteka <[email protected]>
> ---
>   selinux/.gitignore               | 4 ++++
>   selinux/automake.mk              | 3 ++-
>   selinux/openvswitch-custom.fc.in | 1 +
>   3 files changed, 7 insertions(+), 1 deletion(-)
>   create mode 100644 selinux/openvswitch-custom.fc.in

> diff --git a/selinux/.gitignore b/selinux/.gitignore
> index 83a0afb51..64e834cd1 100644
> --- a/selinux/.gitignore
> +++ b/selinux/.gitignore
> @@ -1 +1,5 @@
>   openvswitch-custom.te
> +openvswitch-custom.fc
> +openvswitch-custom.pp
> +openvswitch-custom.if
> +tmp/
> diff --git a/selinux/automake.mk b/selinux/automake.mk
> index b37e8f337..c7dfe6ed5 100644
> --- a/selinux/automake.mk
> +++ b/selinux/automake.mk
> @@ -6,11 +6,12 @@
>   # without warranty of any kind.

>   EXTRA_DIST += \
> +        selinux/openvswitch-custom.fc.in \
>           selinux/openvswitch-custom.te.in

>   PHONY: selinux-policy

> -selinux-policy: selinux/openvswitch-custom.te
> +selinux-policy: selinux/openvswitch-custom.te
selinux/openvswitch-custom.fc
>          $(MAKE) -C selinux/ -f /usr/share/selinux/devel/Makefile

>   CLEANFILES += \
> diff --git a/selinux/openvswitch-custom.fc.in b/selinux/
openvswitch-custom.fc.in
> new file mode 100644
> index 000000000..c2756d04b
> --- /dev/null
> +++ b/selinux/openvswitch-custom.fc.in
> @@ -0,0 +1 @@
> +@pkgdatadir@/scripts/ovs-kmod-ctl --
gen_context(system_u:object_r:openvswitch_load_module_exec_t,s0)
> --
> 2.14.3
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to