[node-patches] Change in ovirt-node[master]: ovirt.te: svirt_t bin_t:file entrypoint
dougsland at redhat.com
dougsland at redhat.com
Tue Oct 14 02:00:30 UTC 2014
Douglas Schilling Landgraf has uploaded a new change for review.
Change subject: ovirt.te: svirt_t bin_t:file entrypoint
......................................................................
ovirt.te: svirt_t bin_t:file entrypoint
This patch adds:
- allow svirt_t bin_t:file entrypoint;
Change-Id: I0b3d9a0960ffb03b73c7a02067f73e6d68881db4
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M semodule/ovirt.te.in
1 file changed, 4 insertions(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/02/34102/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index b45fc93..fa90ec2 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -219,10 +219,13 @@
allow sshd_t ovirt_t:unix_dgram_socket sendto;
#============= svirt_t ==============
+require {
+ type bin_t;
+}
allow svirt_t initrc_t:unix_stream_socket connectto;
allow svirt_t sanlock_t:unix_stream_socket connectto;
allow svirt_t nfs_t:file open;
-
+allow svirt_t bin_t:file entrypoint;
#============= syslogd_t ==============
allow syslogd_t var_lib_t:file { write getattr open };
--
To view, visit http://gerrit.ovirt.org/34102
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0b3d9a0960ffb03b73c7a02067f73e6d68881db4
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Douglas Schilling Landgraf <dougsland at redhat.com>
More information about the node-patches
mailing list