[node-patches] Change in ovirt-node[ovirt-3.5]: ovirt.te: entry for plymouthd_t

fabiand at redhat.com fabiand at redhat.com
Tue Apr 28 07:23:11 UTC 2015 

Fabian Deutsch has uploaded a new change for review.

Change subject: ovirt.te: entry for plymouthd_t
......................................................................

ovirt.te: entry for plymouthd_t

Avoid the below avc denied for plymouthd:

type=AVC msg=audit(1421813717.969:476): avc:  denied  { search } for  pid=17132 comm="plymouthd" name="etc" dev="tmpfs"
ino=15101 scontext=system_u:system_rlymouthd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1421813717.971:485): avc:  denied  { setattr } for pid=17150 comm="plymouthd" name="0" dev="devpts"
ino=3 scontext=system_u:system_rlymouthd_t:s0 tcontext=system_u:object_revpts_t:s0 tclass=chr_file

Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1184398
Change-Id: I70aadbfb042d0831cb964291e9ffa8e20b328cb2
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
(cherry picked from commit 99cb1b39f9a3e86bfff5776d9169483938fc6075)
---
M semodule/ovirt.te.in
1 file changed, 10 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/38/40338/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index b69a0a1..66d8b6f 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -57,6 +57,16 @@
     allow systemd_logind_t unconfined_service_t:dbus send_msg;
 ')
 
+#============= plymouthd_t ===========
+optional_policy(`
+    require {
+        type devpts_t;
+        type plymouthd_t;
+    }
+    allow plymouthd_t devpts_t:chr_file setattr;
+    allow plymouthd_t tmpfs_t:dir search;
+')
+
 #============= brctl_t ==============
 optional_policy(`
     require {


-- 
To view, visit https://gerrit.ovirt.org/40338
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I70aadbfb042d0831cb964291e9ffa8e20b328cb2
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>
Gerrit-Reviewer: Douglas Schilling Landgraf <dougsland at redhat.com>

More information about the node-patches mailing list