[node-patches] Change in ovirt-node[ovirt-3.5]: Allow ovirt_t to transition to unconfined_t for ovirt-post
fabiand at redhat.com
fabiand at redhat.com
Thu Apr 2 11:00:43 UTC 2015
Hello Ryan Barry,
I'd like you to do a code review. Please visit
https://gerrit.ovirt.org/39487
to review the following change.
Change subject: Allow ovirt_t to transition to unconfined_t for ovirt-post
......................................................................
Allow ovirt_t to transition to unconfined_t for ovirt-post
Allow transitions so hooks run unconfined and can appropriately
set the context on services they start (i.e. libvirtd) instead
of leaving them as ovirt_t
Change-Id: I721f31319e08d6aba9b2a79ad863652f7e76e1d5
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1207155
Signed-off-by: Ryan Barry <rbarry at redhat.com>
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/87/39487/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 1dd3934..b69a0a1 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -585,12 +585,12 @@
')
-
#
# Transitions
#
type ovirt_t;
type ovirt_exec_t;
+allow ovirt_t unconfined_t:process transition;
init_daemon_domain(ovirt_t, ovirt_exec_t)
unconfined_domain(ovirt_t)
unconfined_domain(mount_t)
--
To view, visit https://gerrit.ovirt.org/39487
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I721f31319e08d6aba9b2a79ad863652f7e76e1d5
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at redhat.com>
Gerrit-Reviewer: Ryan Barry <rbarry at redhat.com>
More information about the node-patches
mailing list