[node-patches] Change in ovirt-node[master]: semodule: Move sshd_keygen_t to conditional
fabiand at fedoraproject.org
fabiand at fedoraproject.org
Tue May 6 16:25:25 UTC 2014
Fabian Deutsch has uploaded a new change for review.
Change subject: semodule: Move sshd_keygen_t to conditional
......................................................................
semodule: Move sshd_keygen_t to conditional
Change-Id: I225f45064f414854cc116f20cb54fb24672d02b4
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 3 insertions(+), 6 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/24/27424/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 94daef3..feeb875 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -345,17 +345,14 @@
#============= sshd_keygen_t ==============
optional_policy(`
require {
+ type ssh_keygen_t;
type sshd_keygen_t;
type tmpfs_t;
}
allow sshd_keygen_t tmpfs_t:dir { search };
+ allow sshd_keygen_t setfiles_t:process { siginh rlimitinh noatsecure };
+ allow sshd_keygen_t ssh_keygen_t:process { siginh rlimitinh noatsecure };
')
-require {
- type sshd_keygen_t;
- type ssh_keygen_t;
-}
-allow sshd_keygen_t setfiles_t:process { siginh rlimitinh noatsecure };
-allow sshd_keygen_t ssh_keygen_t:process { siginh rlimitinh noatsecure };
#============= mandb_t ==============
--
To view, visit http://gerrit.ovirt.org/27424
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I225f45064f414854cc116f20cb54fb24672d02b4
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>
More information about the node-patches
mailing list