[node-patches] Change in ovirt-node[master]: selinux: More permissions
fabiand at fedoraproject.org
fabiand at fedoraproject.org
Mon Dec 9 13:47:00 UTC 2013
Fabian Deutsch has uploaded a new change for review.
Change subject: selinux: More permissions
......................................................................
selinux: More permissions
Change-Id: Ia37aa8a6996ac39ec68633ebbc955cd4ba53df20
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1039563
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 9 insertions(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/98/22198/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 0a49971..86104cc 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -10,12 +10,17 @@
type virt_var_run_t;
type virtd_exec_t;
type loadkeys_t;
+ type local_login_t;
+ type unconfined_t;
type etc_t;
type init_t;
+ type initrc_t;
type shadow_t;
type passwd_file_t;
type systemd_localed_t;
type systemd_unit_file_t;
+ type sshd_net_t;
+ type sysstat_t;
type policykit_t;
type local_login_t;
type var_log_t;
@@ -39,7 +44,10 @@
allow loadkeys_t initrc_tmp_t:file read;
allow policykit_t ovirt_t:dbus send_msg;
allow local_login_t var_log_t:file { write create };
-
+allow initrc_t unconfined_t:process dyntransition;
+allow local_login_t var_log_t:file { read lock };
+allow sshd_net_t initrc_t:process sigchld;
+allow sysstat_t var_log_t:file open;
# Remove this block once the bug is solved
# Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1025401
--
To view, visit http://gerrit.ovirt.org/22198
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia37aa8a6996ac39ec68633ebbc955cd4ba53df20
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>
More information about the node-patches
mailing list