[node-patches] Change in ovirt-node[master]: semolinux: dhcp_t tmpfs unlink

[dougsland at redhat.com]

Douglas Schilling Landgraf has uploaded a new change for review.

Change subject: semolinux: dhcp_t tmpfs unlink
......................................................................

semolinux: dhcp_t tmpfs unlink

Avoid avc:

type=SERVICE_STOP msg=audit(1434979018.963:319): pid=1 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:init_t:s0 msg=' comm="ovirt-early" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
type=AVC msg=audit(1434979019.198:320): avc:  denied  { unlink } for  pid=17435 comm="rm"
name="ntp.conf.predhclient.ens3" dev="tmpfs" ino=62043 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:tmpfs_t:s0 tclass=file

Change-Id: I0e5b9e1570314f03ba33b8ffb861de8584092875
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M semodule/ovirt.te.in
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/93/42693/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index e667dfa..d6a5181 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -303,7 +303,7 @@
         type tmpfs_t;
     }
     allow dhcpc_t tmpfs_t:dir { write add_name read };
-    allow dhcpc_t tmpfs_t:file { write create open getattr read };
+    allow dhcpc_t tmpfs_t:file { write create open getattr read unlink };
     allow dhcpc_t user_tmpfs_t:file { read getattr open };
     allow dhcpc_t hostname_t:process { siginh noatsecure rlimitinh };
 ')


-- 
To view, visit https://gerrit.ovirt.org/42693
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0e5b9e1570314f03ba33b8ffb861de8584092875
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Douglas Schilling Landgraf <dougsland at redhat.com>