[node-patches] Change in ovirt-node[master]: semodule: passwd_t tmpfs dir write
dougsland at redhat.com
dougsland at redhat.com
Mon Jun 22 17:38:34 UTC 2015
Douglas Schilling Landgraf has uploaded a new change for review.
Change subject: semodule: passwd_t tmpfs dir write
......................................................................
semodule: passwd_t tmpfs dir write
Avoid AVC:
type=AVC msg=audit(1434978919.637:256): avc: denied { write } for pid=17181 comm="chage" name="etc" dev="tmpfs"
ino=15118 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
Change-Id: Ie3c20dc810ce2b355c004f259550472dbb2248af
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M semodule/ovirt.te.in
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/94/42694/1
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index d6a5181..dd86928 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -510,7 +510,7 @@
}
allow passwd_t file_t:file { read open getattr };
allow passwd_t self:capability sys_admin;
-
+allow passwd_t tmpfs_t:dir write;
#============= getty_t ==============
require {
type getty_t;
--
To view, visit https://gerrit.ovirt.org/42694
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie3c20dc810ce2b355c004f259550472dbb2248af
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Douglas Schilling Landgraf <dougsland at redhat.com>
More information about the node-patches
mailing list