[node-patches] Change in ovirt-node[master]: selinux: Some more rules
fabiand at redhat.com
Fri Sep 19 13:07:50 UTC 2014
Fabian Deutsch has uploaded a new change for review.
Change subject: selinux: Some more rules
......................................................................
selinux: Some more rules
Needed for el7.
Change-Id: If30e1fd14e2a51a41d0e21e4aafacf17ffed470a
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1120650
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 18 insertions(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/78/33078/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 0be89d6..bb0b3e6 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -48,6 +48,10 @@
')
+#============= avahi_t ==============
+allow avahi_t tmpfs_t:file { read getattr open };
+
+
#============= collectd_t ==============
@SEMODULE_NOT_EL6 at allow collectd_t initrc_t:unix_stream_socket connectto;
@SEMODULE_NOT_EL6 at allow collectd_t passwd_file_t:file { open read };
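Review bot: The added avahi_t rule is emitted on every build, although the commit message says these rules are needed for el7 and the collectd_t lines directly below carry the SEMODULE_NOT_EL6 prefix. If the denial only occurs on el7, give the line the same prefix so the el6 policy does not also gain read access to tmpfs_t files for avahi_t. The rule is also outside any optional_policy/require block, unlike the dnsmasq_t rule later in this patch; unless avahi_t is already required elsewhere in ovirt.te.in, wrap it the same way.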
@@ -55,6 +59,19 @@
@SEMODULE_NOT_EL6 at allow collectd_t virt_etc_t:file read;
@SEMODULE_NOT_EL6 at allow collectd_t virt_var_run_t:sock_file write;
@SEMODULE_NOT_EL6 at allow collectd_t virtd_t:unix_stream_socket connectto;
+
+
+#============= dnsmasq_t ==============
+optional_policy(`
+ require {
+ type dnsmasq_t;
+ }
+ allow dnsmasq_t tmpfs_t:dir search;
+')
+
+
+#============= sanlock_t ==============
+allow sanlock_t tmpfs_t:dir search;
#============= systemd_localed_t ==============
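Review bot: The sanlock_t rule at the end of this hunk is bare, while the dnsmasq_t rule just above it is wrapped in optional_policy with a require for its type. Unless sanlock_t is already required elsewhere in ovirt.te.in, give it the same wrapper so the module still loads where that type is absent. Both rules grant search on tmpfs_t:dir without saying which directory is involved; a one-line comment naming the tmpfs path that triggered the denial would let a later reader judge whether the rule can be dropped.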
@@ -143,6 +160,7 @@
}
allow snmpd_t device_t:sock_file write;
allow snmpd_t ovirt_t:unix_dgram_socket sendto;
+allow snmpd_t tmpfs_t:file { read getattr open };
#============= sshd_t ==============
allow sshd_t var_log_t:file { read open write };
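Review bot: The added snmpd_t line grants { read getattr open } on tmpfs_t:file, the generic label for files on tmpfs, so as far as SELinux is concerned snmpd_t may read any file left with that label rather than only the one it needs. The change records no AVC denial or path. Please add a comment stating which file snmpd reads, and consider giving that file a dedicated type instead of allowing tmpfs_t as a whole. The same applies to the identical permission set added for avahi_t in the first hunk.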
--
To view, visit http://gerrit.ovirt.org/33078
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If30e1fd14e2a51a41d0e21e4aafacf17ffed470a
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>