[node-patches] Change in ovirt-node[ovirt-3.5]: semodule: Rules for el7.1

fabiand at redhat.com fabiand at redhat.com
Thu Mar 12 07:58:03 UTC 2015


Fabian Deutsch has uploaded a new change for review.

Change subject: semodule: Rules for el7.1
......................................................................

semodule: Rules for el7.1

Change-Id: Ia96185dfa045b6f2be4dd955c8f1738590aae978
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M semodule/ovirt.te.in
1 file changed, 20 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/38/38638/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 66cd1a0..d31ebc7 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -215,6 +215,7 @@
     allow sshd_net_t initrc_t:process sigchld;
 ')
 
+
 #============= snmpd_t ==============
 require {
     type snmpd_t;
@@ -223,10 +224,12 @@
 allow snmpd_t ovirt_t:unix_dgram_socket sendto;
 allow snmpd_t tmpfs_t:file { read getattr open };
 
+
 #============= sshd_t ==============
 allow sshd_t var_log_t:file { read open write };
 allow sshd_t device_t:sock_file write;
 allow sshd_t ovirt_t:unix_dgram_socket sendto;
+
 
 #============= svirt_t ==============
 require {
@@ -265,6 +268,13 @@
 allow iscsid_t iscsi_var_lib_t:file { write create unlink };
 allow iscsid_t iscsi_var_lib_t:lnk_file { create unlink };
 
+optional_policy(`
+    require {
+        type kdumpctl_tmp_t;
+    }
+    allow iscsid_t kdumpctl_tmp_t:fifo_file write;
+')
+
 
 #============= ping_t ==============
 require {
@@ -297,6 +307,16 @@
     allow dhcpc_t setfiles_t:process { siginh rlimitinh noatsecure };
 ')
 
+optional_policy(`
+    require {
+        type dhcpc_t;
+        type random_device_t;
+        type tmpfs_t;
+    }
+    allow dhcpc_t random_device_t:chr_file read;
+    allow dhcpc_t tmpfs_t:dir remove_name;
+')
+
 
 #============= hostname_t ==============
 require {


-- 
To view, visit https://gerrit.ovirt.org/38638
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia96185dfa045b6f2be4dd955c8f1738590aae978
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at redhat.com>



More information about the node-patches mailing list