[node-patches] Change in ovirt-node[master]: semodule: Fixup to many conditionals
fabiand at fedoraproject.org
fabiand at fedoraproject.org
Fri Jun 27 09:22:34 UTC 2014
Fabian Deutsch has uploaded a new change for review.
Change subject: semodule: Fixup to many conditionals
......................................................................
semodule: Fixup to many conditionals
Change-Id: I37be28fbc5bcd5650f48c5a8b7a9de54a6c39273
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 3 insertions(+), 15 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/36/29336/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 585a9ce..d42a934 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -14,6 +14,7 @@
@SEMODULE_WITH_SYSTEMD@ type sshd_net_t;
@SEMODULE_WITH_SYSTEMD@ type systemd_localed_t;
@SEMODULE_WITH_SYSTEMD@ type systemd_unit_file_t;
+ type dmesg_t;
type getty_t;
type initrc_t;
type initrc_tmp_t;
@@ -34,6 +35,7 @@
type syslogd_t;
type sysstat_t;
type tuned_t;
+ type tmpfs_t;
type unconfined_t;
type unlabeled_t;
type var_log_t;
@@ -266,13 +268,7 @@
#============= dmesg_t ==============
-optional_policy(`
- require {
- type dmesg_t;
- type tmpfs_t;
- }
- allow dmesg_t tmpfs_t:dir search;
-')
+allow dmesg_t tmpfs_t:dir search;
#============= iptables_t ==============
@@ -280,7 +276,6 @@
require {
type iptables_t;
type insmod_t;
- type tmpfs_t;
}
allow iptables_t tmpfs_t:dir search;
allow iptables_t insmod_t:process { siginh rlimitinh noatsecure };
@@ -293,13 +288,6 @@
type rpcbind_t;
}
allow rpcbind_t self:udp_socket listen;
-')
-
-optional_policy(`
- require {
- type rpcbind_t;
- type tmpfs_t;
- }
allow rpcbind_t tmpfs_t:dir search;
')
--
To view, visit http://gerrit.ovirt.org/29336
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I37be28fbc5bcd5650f48c5a8b7a9de54a6c39273
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>
Gerrit-Reviewer: Fabian Deutsch <fabiand at fedoraproject.org>
More information about the node-patches
mailing list