[node-patches] Change in ovirt-node[node-3.0]: selinux: More permissions

[fabiand at fedoraproject.org]

Fabian Deutsch has uploaded a new change for review.

Change subject: selinux: More permissions
......................................................................

selinux: More permissions

Change-Id: Ia37aa8a6996ac39ec68633ebbc955cd4ba53df20
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1039563
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 3 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/00/22500/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index b112741..57cd07e 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -48,14 +48,15 @@
 allow setfiles_t net_conf_t:file read;
 allow loadkeys_t initrc_tmp_t:file read;
 allow policykit_t ovirt_t:dbus send_msg;
-allow local_login_t var_log_t:file { write create };
+allow sshd_net_t initrc_t:process sigchld;
+allow sysstat_t var_log_t:file open;
 
 #============= initrc_t ==============
 allow initrc_t sshd_net_t:process dyntransition;
 allow initrc_t unconfined_t:process dyntransition;
 
 #============= local_login_t ==============
-allow local_login_t var_log_t:file open;
+allow local_login_t var_log_t:file { open write create read lock };
 
 #============= logrotate_t ==============
 allow logrotate_t virt_cache_t:dir read;


-- 
To view, visit http://gerrit.ovirt.org/22500
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia37aa8a6996ac39ec68633ebbc955cd4ba53df20
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: node-3.0
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>