[node-patches] Change in ovirt-node[master]: semodule: update iptables module

dougsland at redhat.com dougsland at redhat.com
Wed Jan 6 16:57:05 UTC 2016


Douglas Schilling Landgraf has posted comments on this change.

Change subject: semodule: update iptables module
......................................................................


Patch Set 2:

(1 comment)

https://gerrit.ovirt.org/#/c/51452/2/semodule/ovirt.te.in
File semodule/ovirt.te.in:

Line 484:         type iptables_t;
Line 485:         type insmod_t;
Line 486:         type var_lib_t;
Line 487:         class dir { write remove_name create add_name };
Line 488:         class file { write create unlink open };
> Are you sure we need to import the classes? Did you try it without?
I didn't try it locally; I have built an image with it and users reported that it worked. If it's not an urgent bug, I can prepare a setup later this week.
Line 489:     }
Line 490:     allow iptables_t tmpfs_t:dir search;
Line 491:     allow iptables_t insmod_t:process { siginh rlimitinh noatsecure };
Line 492:     allow iptables_t user_tmpfs_t:file { read open getattr };
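Review bot: line 491 grants iptables_t siginh, rlimitinh and noatsecure on insmod_t:process, and noatsecure in particular switches off the secure-mode environment cleansing that normally applies when a process transitions into insmod_t. If these three came from AVC denials that do not break module loading, a dontaudit rule would silence the log noise without widening the policy. On the question about the class imports: lines 490-492 use dir search, file read/getattr and the process class, none of which appear in the class lines visible at 487-488, so check that the part of the require block above line 484 covers them, and that var_lib_t (line 486) is actually used by a rule outside lines 490-492.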


-- 
To view, visit https://gerrit.ovirt.org/51452
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ie7f9a58b111ec80d662020ef3849aa1b7e614d4d
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Douglas Schilling Landgraf <dougsland at redhat.com>
Gerrit-Reviewer: Douglas Schilling Landgraf <dougsland at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: gerrit-hooks <automation at ovirt.org>
Gerrit-HasComments: Yes


