[node-patches] Change in ovirt-node[master]: semodule: svirt_t var_log_t:file rw create open
dougsland at redhat.com
Fri Jul 17 22:23:14 UTC 2015
Douglas Schilling Landgraf has uploaded a new change for review.
Change subject: semodule: svirt_t var_log_t:file rw create open
......................................................................
semodule: svirt_t var_log_t:file rw create open
Allow read, write, create and open.
avoid AVC:
type=AVC msg=audit(1437171438.383:1800): avc: denied { create } for pid=21267 comm="qemu-kvm"
name="core.21267.1437171438.dump" scontext=system_u:system_r:svirt_t:s0:c260,c639
tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1437171438.383:1801): avc: denied { read write open } for pid=21267 comm="qemu-kvm"
path="/var/log/core/core.21267.1437171438.dump" dev="dm-5" ino=16 scontext=system_u:system_r:svirt_t:s0:c260,c639
tcontext=system_u:object_r:var_log_t:s0 tclass=file
Change-Id: I1579fbc5e46ceff6a15ec6d82a18820caa67e9af
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1215554
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M semodule/ovirt.te.in
1 file changed, 1 insertion(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/87/43787/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index e8c3abc..3c7c0c3 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -259,6 +259,7 @@
allow svirt_t nfs_t:file open;
allow svirt_t bin_t:file entrypoint;
allow svirt_t var_log_t:dir { write add_name };
+allow svirt_t var_log_t:file { read write create open };
#============= syslogd_t ==============
allow syslogd_t var_lib_t:file { write getattr open };
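Review bot: The added rule `allow svirt_t var_log_t:file { read write create open };` is much broader than the denials it is meant to fix. Both AVCs in the commit message concern a single file, /var/log/core/core.21267.1437171438.dump, yet the rule lets every svirt_t process (qemu-kvm guests) create, read and write any file labelled var_log_t. The tcontext in those denials is s0 with no categories, so MCS category separation between guests is unlikely to restrict access to these files. Consider giving /var/log/core a dedicated type through a file context entry plus a type transition for files svirt_t creates there, and granting svirt_t these permissions on that type only. If the rule stays as is, a comment above it naming the core dump path and the bug would explain why a confined guest domain needs write access to log files.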
--
To view, visit https://gerrit.ovirt.org/43787
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1579fbc5e46ceff6a15ec6d82a18820caa67e9af
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Douglas Schilling Landgraf <dougsland at redhat.com>