[node-patches] Change in ovirt-node[ovirt-3.5]: semolinux: dhcp_t tmpfs unlink

fabiand at redhat.com fabiand at redhat.com
Tue Sep 15 12:59:58 UTC 2015 

Hello Douglas Schilling Landgraf,

I'd like you to do a code review.  Please visit

    https://gerrit.ovirt.org/46175

to review the following change.

Change subject: semolinux: dhcp_t tmpfs unlink
......................................................................

semolinux: dhcp_t tmpfs unlink

Avoid avc:

type=SERVICE_STOP msg=audit(1434979018.963:319): pid=1 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:init_t:s0 msg=' comm="ovirt-early" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
type=AVC msg=audit(1434979019.198:320): avc:  denied  { unlink } for  pid=17435 comm="rm"
name="ntp.conf.predhclient.ens3" dev="tmpfs" ino=62043 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:tmpfs_t:s0 tclass=file

Change-Id: I0e5b9e1570314f03ba33b8ffb861de8584092875
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M semodule/ovirt.te.in
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/75/46175/1

diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in
index 1774584..649f467 100644
--- a/semodule/ovirt.te.in
+++ b/semodule/ovirt.te.in
@@ -294,7 +294,7 @@
         type tmpfs_t;
     }
     allow dhcpc_t tmpfs_t:dir { write add_name read };
-    allow dhcpc_t tmpfs_t:file { write create open getattr read };
+    allow dhcpc_t tmpfs_t:file { write create open getattr read unlink };
     allow dhcpc_t user_tmpfs_t:file { read getattr open };
     allow dhcpc_t hostname_t:process { siginh noatsecure rlimitinh };
 ')


-- 
To view, visit https://gerrit.ovirt.org/46175
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0e5b9e1570314f03ba33b8ffb861de8584092875
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>
Gerrit-Reviewer: Douglas Schilling Landgraf <dougsland at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at redhat.com>

More information about the node-patches mailing list