[node-patches] Change in ovirt-node[master]: selinux: Updates for auditd changes

fabiand at redhat.com fabiand at redhat.com
Thu Sep 18 04:45:55 UTC 2014


Fabian Deutsch has uploaded a new change for review.

Change subject: selinux: Updates for auditd changes
......................................................................

selinux: Updates for auditd changes

Change-Id: I41c42eea5f41eb38dfa73b22089f1eeb38dca3a5
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 10 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/27/33027/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index bf41847..c68353a 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -11,6 +11,7 @@
 @SEMODULE_WITH_SYSTEMD@    type systemd_localed_t;
 @SEMODULE_WITH_SYSTEMD@    type systemd_unit_file_t;
 @SEMODULE_WITH_SYSTEMD@    type systemd_hostnamed_t;
+    type auditd_log_t;
     type etc_t;
     type device_t;
     type dmesg_t;
@@ -381,11 +382,13 @@
 
 #============= getty_t ==============
 require {
-type getty_t;
+  type getty_t;
 }
 allow getty_t local_login_t:process { siginh rlimitinh noatsecure };
 allow getty_t var_log_t:file { open write };
 allow getty_t tmpfs_t:dir search;
+allow getty_t auditd_log_t:file { write lock open };
+
 
 
 #============= ifconfig_t ==============
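Review bot: The added `allow getty_t auditd_log_t:file { write lock open };` lets the getty domain open audit-labelled files for plain write, which weakens the integrity guarantee the `auditd_log_t` label normally gives the audit trail. The `local_login_t` rules in the next hunk go further, adding `create` on files and `add_name` on the directory. These read like rules generated from AVC denials; a login-path domain hitting `auditd_log_t` often means a file or directory is mislabelled rather than that the access is needed, though the denials are not shown here, so that is an inference. I would check the file contexts of the affected log path first (`restorecon -nv <path>` shows what would be relabelled) and fix the label instead. If the access is truly required, try `append` in place of `write` and document it with a comment such as `# getty updates <file>, labelled auditd_log_t because <reason>`.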
@@ -437,10 +440,16 @@
 
 #============= local_login_t ==============
 allow local_login_t var_log_t:file { open write create read lock };
+allow local_login_t auditd_log_t:dir { write add_name };
+allow local_login_t auditd_log_t:file { write lock create open read };
 
 
 #============= logrotate_t ==============
 allow logrotate_t virt_cache_t:dir read;
+allow logrotate_t auditd_log_t:dir read;
+allow logrotate_t auditd_log_t:file getattr;
+allow logrotate_t virt_cache_t:dir { write remove_name add_name };
+allow logrotate_t virt_cache_t:file { rename setattr read create getattr write ioctl unlink open };
 
 
 #============= svirt_t ==============
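Review bot: The two `logrotate_t virt_cache_t` rules added here are unrelated to the auditd change named in the subject, and they are broad: `logrotate_t` gains `unlink`, `rename`, `create`, `setattr` and `write` on every file labelled `virt_cache_t`. They belong in their own commit with a comment naming what logrotate manages under that label, e.g. `# logrotate rotates <path>, labelled virt_cache_t`. If that path is really a log directory, giving it a log type in the file contexts would be narrower than opening all of `virt_cache_t`. The `auditd_log_t` access for `logrotate_t` is only `dir read` and `file getattr`, which is suitably small and needs no change.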


-- 
To view, visit http://gerrit.ovirt.org/33027
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I41c42eea5f41eb38dfa73b22089f1eeb38dca3a5
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>


