[node-patches] Change in ovirt-node[master]: ovirt.te: entry for plymouthd_t

dougsland at redhat.com dougsland at redhat.com
Wed Apr 1 17:26:03 UTC 2015 

Douglas Schilling Landgraf has uploaded a new change for review.

Change subject: ovirt.te: entry for plymouthd_t
......................................................................

ovirt.te: entry for plymouthd_t

Avoid the below avc denied for plymouthd:

type=AVC msg=audit(1421813717.969:476): avc:  denied  { search } for  pid=17132 comm="plymouthd" name="etc" dev="tmpfs"
ino=15101 scontext=system_u:system_rlymouthd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421813717.971:485): avc:  denied  { setattr } for pid=17150 comm="plymouthd" name="0" dev="devpts"
ino=3 scontext=system_u:system_rlymouthd_t:s0 tcontext=system_u:object_revpts_t:s0 tclass=chr_file

Change-Id: I70aadbfb042d0831cb964291e9ffa8e20b328cb2
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1184398
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M semodule/ovirt.te.in
1 file changed, 8 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/58/39458/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 1dd3934..830a30f 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -14,6 +14,7 @@
     type etc_t;
     type device_t;
     type dmesg_t;
+    type devpts_t;
     type getty_t;
     type init_t;
     type initrc_t;
@@ -57,6 +58,13 @@
     allow systemd_logind_t unconfined_service_t:dbus send_msg;
 ')
 
+#============= plymouthd_t ===========
+require {
+    type plymouthd_t;
+}
+allow plymouthd_t devpts_t:chr_file setattr;
+allow plymouthd_t tmpfs_t:dir search;
+
 #============= brctl_t ==============
 optional_policy(`
     require {


-- 
To view, visit https://gerrit.ovirt.org/39458
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I70aadbfb042d0831cb964291e9ffa8e20b328cb2
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Douglas Schilling Landgraf <dougsland at redhat.com>

More information about the node-patches mailing list