[node-patches] Change in ovirt-node[ovirt-3.5]: semodule: svirt_t var_log_t:file rw create open
fabiand at redhat.com
Tue Jul 21 12:56:10 UTC 2015
Hello Douglas Schilling Landgraf,
I'd like you to do a code review. Please visit
https://gerrit.ovirt.org/43857
to review the following change.
Change subject: semodule: svirt_t var_log_t:file rw create open
......................................................................
semodule: svirt_t var_log_t:file rw create open
Allow read, write, create and open.
avoid AVC:
type=AVC msg=audit(1437171438.383:1800): avc: denied { create } for pid=21267 comm="qemu-kvm"
name="core.21267.1437171438.dump" scontext=system_u:system_r:svirt_t:s0:c260,c639
tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1437171438.383:1801): avc: denied { read write open } for pid=21267 comm="qemu-kvm"
path="/var/log/core/core.21267.1437171438.dump" dev="dm-5" ino=16 scontext=system_u:system_r:svirt_t:s0:c260,c639
tcontext=system_u:object_r:var_log_t:s0 tclass=file
Change-Id: I1579fbc5e46ceff6a15ec6d82a18820caa67e9af
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1215554
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1235346
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M semodule/ovirt.te.in
1 file changed, 1 insertion(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/57/43857/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 8da1800..6b11d7e 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -241,6 +241,7 @@
allow svirt_t nfs_t:file open;
allow svirt_t bin_t:file entrypoint;
allow svirt_t var_log_t:dir { write add_name };
+allow svirt_t var_log_t:file { read write create open };
#============= syslogd_t ==============
allow syslogd_t var_lib_t:file { write getattr open };
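Review bot: The added rule `allow svirt_t var_log_t:file { read write create open };` covers every file labeled var_log_t, while both AVCs quoted in the commit message concern a single qemu-kvm core dump under /var/log/core, so the svirt_t domain receives read and write access to far more than the denial requires. Consider labeling /var/log/core with a dedicated file type (file-context entry plus a type transition for svirt_t) and granting these four permissions on that type only. If the broad grant has to stay for the ovirt-3.5 branch, a comment above the rule naming the core dump path and the two Bug-Urls would document why it exists. The same scoping question applies to the existing `allow svirt_t var_log_t:dir { write add_name };` context line directly above it.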
--
To view, visit https://gerrit.ovirt.org/43857
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1579fbc5e46ceff6a15ec6d82a18820caa67e9af
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at redhat.com>