[node-patches] Change in ovirt-node[node-3.0]: Alter semodule file to be smart about OS capabilities

fabiand at fedoraproject.org fabiand at fedoraproject.org
Wed May 22 08:43:18 UTC 2013


Fabian Deutsch has posted comments on this change.

Change subject: Alter semodule file to be smart about OS capabilities
......................................................................


Patch Set 3: I would prefer that you didn't submit this

(1 inline comment)

....................................................
File semodule/ovirt.te.in
Line 19:     type policykit_t;
Line 20: ')
Line 21: 
Line 22: #============= collectd_t ==============
Line 23: @COLLECTD_COMMENT at allow collectd_t passwd_file_t:file { open read };
Can't this be solved by conditionally including .te-parts for collectd, and systemd?
Line 24: @COLLECTD_COMMENT at allow collectd_t virtd_exec_t:file getattr;
Line 25: @COLLECTD_COMMENT at allow collectd_t virt_etc_t:file read;
Line 26: @COLLECTD_COMMENT at allow collectd_t virt_var_run_t:sock_file write;
Line 27: 


--
To view, visit http://gerrit.ovirt.org/14843
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I7bc3339e94723639922c2458214449f14ea1cbee
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-node
Gerrit-Branch: node-3.0
Gerrit-Owner: Michael Burns <mburns at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at fedoraproject.org>
Gerrit-Reviewer: Michael Burns <mburns at redhat.com>



More information about the node-patches mailing list