[node-patches] Change in ovirt-node[master]: Allow ovirt_t to transition to unconfined_t for ovirt-post
rbarry at redhat.com
Mon Mar 30 22:53:46 UTC 2015
Ryan Barry has uploaded a new change for review.
Change subject: Allow ovirt_t to transition to unconfined_t for ovirt-post
......................................................................
Allow ovirt_t to transition to unconfined_t for ovirt-post
Allow transitions so hooks run unconfined and can appropriately
set the context on services they start (i.e. libvirtd) instead
of leaving them as ovirt_t
Change-Id: I721f31319e08d6aba9b2a79ad863652f7e76e1d5
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1207155
Signed-off-by: Ryan Barry <rbarry at redhat.com>
---
M scripts/ovirt-init-functions.sh.in
M semodule/ovirt.te.in
2 files changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/76/39376/1
diff --git a/scripts/ovirt-init-functions.sh.in b/scripts/ovirt-init-functions.sh.in
index 88efd20..ce45049 100644
--- a/scripts/ovirt-init-functions.sh.in
+++ b/scripts/ovirt-init-functions.sh.in
@@ -1518,7 +1518,7 @@
for handler in "$HOOK_ON_BOOT_DIR"/*;
do
log "Running handler: $handler"
- "$handler" >> $OVIRT_LOGFILE 2>&1
+ runcon -t unconfined_t "$handler" >> $OVIRT_LOGFILE 2>&1
done
fi
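Review bot: the added `runcon -t unconfined_t "$handler"` line makes every boot hook depend on runcon succeeding, and nothing in the loop handles the failure case. runcon refuses to run when SELinux is disabled, and if the transition is denied the handler is never executed; the only trace would be runcon's error message in $OVIRT_LOGFILE. Consider calling "$handler" directly when `selinuxenabled` returns non-zero, and logging each handler's exit status. Because every file in $HOOK_ON_BOOT_DIR now runs as unconfined_t, it is also worth confirming that the directory and its contents are writable only by root. As a style point, quote "$OVIRT_LOGFILE" in the redirection.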
diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 1dd3934..ceb7780 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -585,12 +585,12 @@
')
-
#
# Transitions
#
type ovirt_t;
type ovirt_exec_t;
+allow ovirt_t unconfined_t: process transition;
init_daemon_domain(ovirt_t, ovirt_exec_t)
unconfined_domain(ovirt_t)
unconfined_domain(mount_t)
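Review bot: the added `allow ovirt_t unconfined_t: process transition;` references unconfined_t, a type this module does not declare alongside `type ovirt_t;` and `type ovirt_exec_t;`, and the hunk does not show a require for it. Please confirm unconfined_t is listed in the module's gen_require block, otherwise the module will not compile. The rule also permits the transition from any ovirt_t process rather than only from the hook runner, so a short comment above it saying it exists for the `runcon -t unconfined_t` call in ovirt-init-functions.sh would help later readers judge whether it can be narrowed. Two smaller points: the rule sits between the type declarations and `init_daemon_domain(ovirt_t, ovirt_exec_t)`, where it would read better after the macros, and the removed blank line before the `# Transitions` comment block looks like an unrelated whitespace change.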
--
To view, visit https://gerrit.ovirt.org/39376
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I721f31319e08d6aba9b2a79ad863652f7e76e1d5
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Ryan Barry <rbarry at redhat.com>