[node-patches] Change in ovirt-node[node-3.0]: Alter semodule file to be smart about OS capabilities

mburns at redhat.com mburns at redhat.com
Wed May 22 11:33:30 UTC 2013


Michael Burns has posted comments on this change.

Change subject: Alter semodule file to be smart about OS capabilities
......................................................................


Patch Set 3: (1 inline comment)

....................................................
File semodule/ovirt.te.in
Line 19:     type policykit_t;
Line 20: ')
Line 21: 
Line 22: #============= collectd_t ==============
Line 23: @COLLECTD_COMMENT at allow collectd_t passwd_file_t:file { open read };
there is probably a way to do that.  I'm not familiar with .te-parts.  It might be possible to do something with multiple .te files and conditionally build/install the modules in the Makefile, but that's probably a bigger effort than we need right now.
Line 24: @COLLECTD_COMMENT at allow collectd_t virtd_exec_t:file getattr;
Line 25: @COLLECTD_COMMENT at allow collectd_t virt_etc_t:file read;
Line 26: @COLLECTD_COMMENT at allow collectd_t virt_var_run_t:sock_file write;
Line 27: 


--
To view, visit http://gerrit.ovirt.org/14843
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I7bc3339e94723639922c2458214449f14ea1cbee
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-node
Gerrit-Branch: node-3.0
Gerrit-Owner: Michael Burns <mburns at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at fedoraproject.org>
Gerrit-Reviewer: Michael Burns <mburns at redhat.com>



More information about the node-patches mailing list