[node-patches] Change in ovirt-node[master]: update selinux module

fabiand at redhat.com fabiand at redhat.com
Fri Jul 18 15:48:52 UTC 2014 

Fabian Deutsch has uploaded a new change for review.

Change subject: update selinux module
......................................................................

update selinux module

Change-Id: I5cf1e582dbabdf17477554ea0263084a976d8709
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1033064
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 28 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/48/30448/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index d42a934..f9d647e 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -14,8 +14,11 @@
 @SEMODULE_WITH_SYSTEMD@    type sshd_net_t;
 @SEMODULE_WITH_SYSTEMD@    type systemd_localed_t;
 @SEMODULE_WITH_SYSTEMD@    type systemd_unit_file_t;
+ at COLLECTD_COMMENT@    type collectd_t;
+    type etc_t;
     type dmesg_t;
     type getty_t;
+    type init_t;
     type initrc_t;
     type initrc_tmp_t;
     type init_t;
@@ -26,11 +29,13 @@
     type logrotate_t;
     type mount_t;
     type net_conf_t;
+    type passwd_file_t;
     type policykit_t;
     type sanlock_t;
     type setfiles_t;
     type shadow_t;
     type sshd_t;
+    type sshd_net_t;
     type svirt_t;
     type syslogd_t;
     type sysstat_t;
@@ -41,7 +46,12 @@
     type var_log_t;
     type var_lib_t;
     type virt_cache_t;
+    type virt_etc_t;
+    type virt_var_run_t;
+    type virtd_exec_t;
+    type virtd_t;
 ')
+
 
 #============= collectd_t ==============
 @SEMODULE_NOT_EL6 at allow collectd_t initrc_t:unix_stream_socket connectto;
@@ -50,6 +60,7 @@
 @SEMODULE_NOT_EL6 at allow collectd_t virt_etc_t:file read;
 @SEMODULE_NOT_EL6 at allow collectd_t virt_var_run_t:sock_file write;
 @SEMODULE_NOT_EL6 at allow collectd_t virtd_t:unix_stream_socket connectto;
+
 
 #============= systemd_localed_t ==============
 @SEMODULE_WITH_SYSTEMD at allow systemd_localed_t etc_t:file { write rename create setattr };
@@ -373,6 +384,23 @@
 
 
 
+#============= initrc_t ==============
+allow initrc_t sshd_net_t:process dyntransition;
+allow initrc_t unconfined_t:process dyntransition;
+
+#============= local_login_t ==============
+allow local_login_t var_log_t:file open;
+
+#============= logrotate_t ==============
+allow logrotate_t virt_cache_t:dir read;
+
+#============= svirt_t ==============
+allow svirt_t initrc_t:unix_stream_socket connectto;
+
+#============= tuned_t ==============
+allow tuned_t ovirt_t:dbus send_msg;
+
+
 type ovirt_t;
 type ovirt_exec_t;
 init_daemon_domain(ovirt_t, ovirt_exec_t)


-- 
To view, visit http://gerrit.ovirt.org/30448
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5cf1e582dbabdf17477554ea0263084a976d8709
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>

More information about the node-patches mailing list