[node-patches] Change in ovirt-node[master]: selinux: Further updates
fabiand at fedoraproject.org
Wed Dec 18 17:47:48 UTC 2013
Fabian Deutsch has uploaded a new change for review.
Change subject: selinux: Further updates
......................................................................
selinux: Further updates
Change-Id: I87908879b71f1049c37bca876f441415e1a1323d
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 22 insertions(+), 7 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/40/22540/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index d1deafc..4cc486d 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -6,6 +6,7 @@
@SYSTEMD_COMMENT@ type systemd_unit_file_t;
type collectd_t;
type etc_t;
+ type getty_t;
type initrc_t;
type initrc_tmp_t;
type init_t;
@@ -37,6 +38,7 @@
')
#============= collectd_t ==============
+ at COLLECTD_COMMENT@allow collectd_t initrc_t:unix_stream_socket connectto;
@COLLECTD_COMMENT at allow collectd_t passwd_file_t:file { open read };
@COLLECTD_COMMENT at allow collectd_t virtd_exec_t:file getattr;
@COLLECTD_COMMENT at allow collectd_t virt_etc_t:file read;
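Review bot: the added collectd_t rule grants connectto on every unix stream socket owned by a process in initrc_t, and initrc_t is the catch-all domain for services started from init scripts that have no policy of their own. Neither the commit message nor a comment says which daemon collectd has to reach. Please name that daemon next to the rule, and consider giving it its own domain so the allow does not cover all initrc_t sockets.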
@@ -49,17 +51,15 @@
@SYSTEMD_COMMENT at allow systemd_localed_t systemd_unit_file_t:service start;
@SYSTEMD_COMMENT at allow systemd_localed_t ovirt_t:dbus send_msg;
-#============= misc ==============
-allow mount_t shadow_t:file mounton;
-allow setfiles_t net_conf_t:file read;
-allow loadkeys_t initrc_tmp_t:file read;
-allow policykit_t ovirt_t:dbus send_msg;
-allow sshd_net_t initrc_t:process sigchld;
-allow sysstat_t var_log_t:file open;
+#============= getty_t ==============
+allow getty_t var_log_t:file open;
#============= initrc_t ==============
allow initrc_t sshd_net_t:process dyntransition;
allow initrc_t unconfined_t:process dyntransition;
+
+#============= loadkeys_t ==============
+allow loadkeys_t initrc_tmp_t:file read;
#============= local_login_t ==============
allow local_login_t var_log_t:file { open write create read lock };
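Review bot: `allow getty_t var_log_t:file open;` is the only new rule in this hunk (the loadkeys_t line is just moved out of the removed misc block), and the commit message "Further updates" gives no reason for it. var_log_t is the generic /var/log label, so please state which log file getty opens and the AVC denial that led to the rule. The rule grants only open, while the local_login_t line below lists `{ open write create read lock }`; confirm that the read or write permission getty needs already comes from the base policy, otherwise this rule alone will not clear the denial.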
@@ -67,9 +67,24 @@
#============= logrotate_t ==============
allow logrotate_t virt_cache_t:dir read;
+#============= mount_t ==============
+allow mount_t shadow_t:file mounton;
+
+#============= policykit_t ==============
+allow policykit_t ovirt_t:dbus send_msg;
+
+#============= setfiles_t ==============
+allow setfiles_t net_conf_t:file read;
+
+#============= sshd_t ==============
+allow sshd_net_t initrc_t:process sigchld;
+
#============= svirt_t ==============
allow svirt_t initrc_t:unix_stream_socket connectto;
+#============= sysstat_t ==============
+allow sysstat_t var_log_t:file open;
+
#============= tuned_t ==============
allow tuned_t ovirt_t:dbus send_msg;
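Review bot: the new section header `#============= sshd_t ==============` does not match the rule under it, whose source domain is sshd_net_t (`allow sshd_net_t initrc_t:process sigchld;`). Since the point of this hunk is to sort the former misc rules under per-domain headers, rename the header to sshd_net_t so a grep for the domain finds the rule. The other rules in this hunk appear to be the removed misc lines moved unchanged; saying so in the commit message would make that easy to verify.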
--
To view, visit http://gerrit.ovirt.org/22540
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I87908879b71f1049c37bca876f441415e1a1323d
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>