[node-patches] Change in ovirt-node[ovirt-3.5]: semodule: Fix some incorrect impots
rbarry at redhat.com
rbarry at redhat.com
Wed Aug 27 19:03:47 UTC 2014
Hello Fabian Deutsch,
I'd like you to do a code review. Please visit
http://gerrit.ovirt.org/32098
to review the following change.
Change subject: semodule: Fix some incorrect impots
......................................................................
semodule: Fix some incorrect impots
sshd_net_t does not exist on el6, thus only include it optionally.
Change-Id: I7557545f8678fe238f72754bffe0b10b95bf3404
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 19 insertions(+), 8 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/98/32098/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index b86da7c..6a5d717 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -34,7 +34,6 @@
type sanlock_t;
type setfiles_t;
type shadow_t;
- type sshd_net_t;
type sshd_t;
type svirt_t;
type syslogd_t;
@@ -79,7 +78,12 @@
#============= initrc_t ==============
- at SEMODULE_WITH_SYSTEMD@allow initrc_t sshd_net_t:process dyntransition;
+optional_policy(`
+ require {
+ type sshd_net_t;
+ }
+ allow initrc_t sshd_net_t:process dyntransition;
+')
allow initrc_t unconfined_t:process dyntransition;
@@ -126,8 +130,16 @@
allow setfiles_t dhcpc_t:udp_socket { read write };
+#============= sshd_net_t ==============
+optional_policy(`
+ require {
+ type sshd_net_t;
+ }
+ allow sshd_net_t initrc_t:process sigchld;
+')
+
+
#============= sshd_t ==============
- at SEMODULE_WITH_SYSTEMD@allow sshd_net_t initrc_t:process sigchld;
allow sshd_t var_log_t:file { read open write };
@@ -411,23 +423,22 @@
')
-
-#============= initrc_t ==============
-allow initrc_t sshd_net_t:process dyntransition;
-allow initrc_t unconfined_t:process dyntransition;
-
#============= local_login_t ==============
allow local_login_t var_log_t:file { open write create read lock };
+
#============= logrotate_t ==============
allow logrotate_t virt_cache_t:dir read;
+
#============= svirt_t ==============
allow svirt_t initrc_t:unix_stream_socket connectto;
+
#============= tuned_t ==============
allow tuned_t ovirt_t:dbus send_msg;
+
# Remove this block once the bug is solved
# Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1025401
#============= iscsid_t ==============
--
To view, visit http://gerrit.ovirt.org/32098
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7557545f8678fe238f72754bffe0b10b95bf3404
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Ryan Barry <rbarry at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at redhat.com>
More information about the node-patches
mailing list