[node-patches] Change in ovirt-node[master]: semodule: Remove some duplicate rules

[fabiand at redhat.com]

Fabian Deutsch has uploaded a new change for review.

Change subject: semodule: Remove some duplicate rules
......................................................................

semodule: Remove some duplicate rules

and merge some rules.

Change-Id: Ia092fb18c738be774dc077f96109028d49778070
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 6 insertions(+), 18 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/81/33481/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index e7b4913..63326d1 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -134,11 +134,6 @@
 allow local_login_t var_log_t:dir { write add_name };
 
 
-#============= logrotate_t ==============
-allow logrotate_t var_lib_t:file write;
-allow logrotate_t virt_cache_t:dir { read getattr };
-
-
 #============= mount_t ==============
 allow mount_t shadow_t:file mounton;
 allow mount_t unlabeled_t:filesystem remount;
@@ -286,6 +281,7 @@
     allow systemd_localed_t security_t:file { open read };
 ')
 
+
 #============= rhsmcertd_t ==============
 optional_policy(`
     require {
@@ -296,6 +292,7 @@
     allow rhsmcertd_t auditd_log_t:dir { write getattr add_name search };
     allow rhsmcertd_t auditd_log_t:file { create open getattr append };
 ')
+
 
 #============= sblim_sfcbd_t ==============
 optional_policy(`
@@ -409,11 +406,13 @@
 allow chkpwd_t tmpfs_t:dir search;
 allow chkpwd_t file_t:file { read open getattr };
 
+
 #============= passwd_t ==============
 require {
 type passwd_t;
 }
 allow passwd_t file_t:file { read open getattr };
+
 
 #============= getty_t ==============
 require {
@@ -424,7 +423,6 @@
 allow getty_t tmpfs_t:dir search;
 allow getty_t auditd_log_t:file { write lock open };
 allow getty_t auditd_log_t:dir search;
-
 
 
 #============= ifconfig_t ==============
@@ -475,15 +473,11 @@
 
 
 #============= logrotate_t ==============
-allow logrotate_t virt_cache_t:dir read;
 allow logrotate_t auditd_log_t:dir read;
 allow logrotate_t auditd_log_t:file getattr;
-allow logrotate_t virt_cache_t:dir { write remove_name add_name };
+allow logrotate_t var_lib_t:file write;
+allow logrotate_t virt_cache_t:dir { read getattr write remove_name add_name };
 allow logrotate_t virt_cache_t:file { rename setattr read create getattr write ioctl unlink open };
-
-
-#============= svirt_t ==============
-allow svirt_t initrc_t:unix_stream_socket connectto;
 
 
 #============= firewalld_t ==============
@@ -496,12 +490,6 @@
 ')
 
 
-# Remove this block once the bug is solved
-# Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1025401
-#============= iscsid_t ==============
-allow iscsid_t iscsi_var_lib_t:dir { write remove_name create add_name rmdir };
-allow iscsid_t iscsi_var_lib_t:file { write create unlink };
-allow iscsid_t iscsi_var_lib_t:lnk_file { create unlink };
 
 
 #


-- 
To view, visit http://gerrit.ovirt.org/33481
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia092fb18c738be774dc077f96109028d49778070
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>