[node-patches] Change in ovirt-node[master]: update selinux module
fabiand at fedoraproject.org
fabiand at fedoraproject.org
Wed Dec 18 08:28:53 UTC 2013
Fabian Deutsch has uploaded a new change for review.
Change subject: update selinux module
......................................................................
update selinux module
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1033064
Change-Id: I2f42a94450d7365b9d11afcc332810a5f6c65879
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 44 insertions(+), 11 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/97/22497/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 2763fb3..f3af907 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -1,24 +1,39 @@
policy_module(ovirt, 1.0)
gen_require(`
- type initrc_tmp_t;
- type mount_t;
- type setfiles_t;
- type net_conf_t;
+ at COLLECTD_COMMENT@ type collectd_t;
+ at SYSTEMD_COMMENT@ type systemd_localed_t;
+ at SYSTEMD_COMMENT@ type systemd_unit_file_t;
type collectd_t;
- type virt_etc_t;
- type virt_var_run_t;
- type virtd_exec_t;
- type loadkeys_t;
type etc_t;
+ type initrc_t;
+ type initrc_tmp_t;
type init_t;
- type shadow_t;
+ type iscsid_t;
+ type iscsi_var_lib_t;
+ type loadkeys_t;
+ type local_login_t;
+ type logrotate_t;
+ type mount_t;
+ type net_conf_t;
type passwd_file_t;
+ type policykit_t;
+ type setfiles_t;
+ type shadow_t;
+ type sshd_net_t;
+ type sshd_t;
+ type svirt_t;
+ type sysstat_t;
type systemd_localed_t;
type systemd_unit_file_t;
- type policykit_t;
- type local_login_t;
+ type tuned_t;
+ type unconfined_t;
type var_log_t;
+ type virt_cache_t;
+ type virtd_exec_t;
+ type virtd_t;
+ type virt_etc_t;
+ type virt_var_run_t;
')
#============= collectd_t ==============
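Review bot: The unguarded `type collectd_t;`, `type systemd_localed_t;` and `type systemd_unit_file_t;` lines remain in the gen_require block as context, so the new `@COLLECTD_COMMENT@` / `@SYSTEMD_COMMENT@`-prefixed requires added at the top of the block have no effect. If the marker is substituted with a comment on builds without collectd or systemd (as the `.te.in` name and the guarded allow rules suggest), the module would still require those types and presumably fail to load there. Either drop the three unguarded lines or drop the guarded duplicates. Separately, `iscsid_t`, `iscsi_var_lib_t`, `sshd_t` and `sysstat_t` are newly required but no rule in the visible hunks uses them; if the rest of the file does not use them either, leaving them out avoids a hard dependency on policy modules that may be absent.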
@@ -26,6 +41,7 @@
@COLLECTD_COMMENT at allow collectd_t virtd_exec_t:file getattr;
@COLLECTD_COMMENT at allow collectd_t virt_etc_t:file read;
@COLLECTD_COMMENT at allow collectd_t virt_var_run_t:sock_file write;
+ at COLLECTD_COMMENT@allow collectd_t virtd_t:unix_stream_socket connectto;
#============= systemd_localed_t ==============
@SYSTEMD_COMMENT at allow systemd_localed_t etc_t:file { write rename create setattr };
@@ -40,6 +56,23 @@
allow policykit_t ovirt_t:dbus send_msg;
allow local_login_t var_log_t:file { write create };
+#============= initrc_t ==============
+allow initrc_t sshd_net_t:process dyntransition;
+allow initrc_t unconfined_t:process dyntransition;
+
+#============= local_login_t ==============
+allow local_login_t var_log_t:file open;
+
+#============= logrotate_t ==============
+allow logrotate_t virt_cache_t:dir read;
+
+#============= svirt_t ==============
+allow svirt_t initrc_t:unix_stream_socket connectto;
+
+#============= tuned_t ==============
+allow tuned_t ovirt_t:dbus send_msg;
+
+
type ovirt_t;
type ovirt_exec_t;
init_daemon_domain(ovirt_t, ovirt_exec_t)
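Review bot: `allow initrc_t unconfined_t:process dyntransition;` lets any process running in initrc_t switch itself to unconfined_t with setcon(), so it loosens confinement for every init-started service that lacks its own domain, not only the one that triggered the denial; the sshd_net_t rule on the line above has the same shape. A dynamic transition is not tied to an entrypoint file the way an exec-based `domain_auto_trans` is, which makes it hard to audit which program relies on it. `allow svirt_t initrc_t:unix_stream_socket connectto;` likewise lets svirt_t (the domain sVirt normally gives guest qemu processes) talk to whatever daemon is running unlabelled in initrc_t; giving that daemon its own domain and allowing only that would be narrower. At minimum each new rule should carry a comment naming the program and denial it was added for, e.g. `# <service> calls setcon() at boot, see rhbz#1033064` (service name is a placeholder to fill in).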
--
To view, visit http://gerrit.ovirt.org/22497
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2f42a94450d7365b9d11afcc332810a5f6c65879
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>