[node-patches] Change in ovirt-node[master]: selinux: Policy update localectl + loadkeys
fabiand at fedoraproject.org
fabiand at fedoraproject.org
Mon Apr 15 11:39:22 UTC 2013
Fabian Deutsch has uploaded a new change for review.
Change subject: selinux: Policy update localectl + loadkeys
......................................................................
selinux: Policy update localectl + loadkeys
Policy update to reflect new usage patterns by using localectl.
rhbz#952204
rhbz#952206
Change-Id: I3b452c8fae958bce92a4a90773d24ceaeb4b15d2
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M recipe/ovirt17-post.ks
1 file changed, 8 insertions(+), 2 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/22/13922/1
diff --git a/recipe/ovirt17-post.ks b/recipe/ovirt17-post.ks
index 41def35..05a8c93 100644
--- a/recipe/ovirt17-post.ks
+++ b/recipe/ovirt17-post.ks
@@ -114,8 +114,14 @@
#allow brctl_t net_conf_t:file read;
# Suppose because of collectd libvirt plugin
allow collectd_t virt_etc_t:file read;
-# Suppose because etc is on tmpfs
-allow loadkeys_t initrc_tmp_t:file read;
+
+#============= loadkeys_t ==============
+allow loadkeys_t initrc_tmp_t:file { open read };
+
+#============= systemd_localed_t ==============
+allow systemd_localed_t etc_t:file { write rename create setattr };
+allow systemd_localed_t init_t:dbus send_msg;
+allow systemd_localed_t initrc_t:dbus send_msg;
type ovirt_exec_t;
init_daemon_domain(unconfined_t,ovirt_exec_t)
--
To view, visit http://gerrit.ovirt.org/13922
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3b452c8fae958bce92a4a90773d24ceaeb4b15d2
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>
More information about the node-patches
mailing list