[node-patches] Change in ovirt-node[master]: selinux: More permissions

fabiand at redhat.com fabiand at redhat.com
Fri Jul 18 15:48:52 UTC 2014 

Fabian Deutsch has uploaded a new change for review.

Change subject: selinux: More permissions
......................................................................

selinux: More permissions

Change-Id: Id238a01083292be24327fffbc32b9bc51f2e6c50
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1039563
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 14 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/49/30449/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index f9d647e..fd0545d 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -15,6 +15,9 @@
 @SEMODULE_WITH_SYSTEMD@    type systemd_localed_t;
 @SEMODULE_WITH_SYSTEMD@    type systemd_unit_file_t;
 @COLLECTD_COMMENT@    type collectd_t;
+ at SYSTEMD_COMMENT@    type systemd_localed_t;
+ at SYSTEMD_COMMENT@    type systemd_unit_file_t;
+    type collectd_t;
     type etc_t;
     type dmesg_t;
     type getty_t;
@@ -34,11 +37,10 @@
     type sanlock_t;
     type setfiles_t;
     type shadow_t;
-    type sshd_t;
     type sshd_net_t;
+    type sshd_t;
     type svirt_t;
     type syslogd_t;
-    type sysstat_t;
     type tuned_t;
     type tmpfs_t;
     type unconfined_t;
@@ -46,10 +48,10 @@
     type var_log_t;
     type var_lib_t;
     type virt_cache_t;
-    type virt_etc_t;
-    type virt_var_run_t;
     type virtd_exec_t;
     type virtd_t;
+    type virt_etc_t;
+    type virt_var_run_t;
 ')
 
 
@@ -383,13 +385,12 @@
 
 
 
-
 #============= initrc_t ==============
 allow initrc_t sshd_net_t:process dyntransition;
 allow initrc_t unconfined_t:process dyntransition;
 
 #============= local_login_t ==============
-allow local_login_t var_log_t:file open;
+allow local_login_t var_log_t:file { open write create read lock };
 
 #============= logrotate_t ==============
 allow logrotate_t virt_cache_t:dir read;
@@ -400,6 +401,13 @@
 #============= tuned_t ==============
 allow tuned_t ovirt_t:dbus send_msg;
 
+# Remove this block once the bug is solved
+# Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1025401
+#============= iscsid_t ==============
+allow iscsid_t iscsi_var_lib_t:dir { write remove_name create add_name rmdir };
+allow iscsid_t iscsi_var_lib_t:file { write create unlink };
+allow iscsid_t iscsi_var_lib_t:lnk_file { create unlink };
+
 
 type ovirt_t;
 type ovirt_exec_t;


-- 
To view, visit http://gerrit.ovirt.org/30449
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id238a01083292be24327fffbc32b9bc51f2e6c50
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>

More information about the node-patches mailing list