Make the install and apply custom policy scripts just act on all available

policy instead of having to add each policy one by one.
James Slagle 2014-07-31 11:58:29 -04:00
parent 8f0e096f6e
commit 95cb79f47d
4 changed files with 13 additions and 21 deletions


@ -0,0 +1,8 @@
#!/bin/bash
set -eux
mkdir -p /opt/stack/selinux-policy
cp $(dirname $0)/../*.pp /opt/stack/selinux-policy
cp $(dirname $0)/../*.te /opt/stack/selinux-policy
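Review bot: The two `cp` lines leave `$0` and the command substitution unquoted, so a checkout path containing whitespace splits into several arguments; `cp -- "$(dirname "$0")"/../*.pp /opt/stack/selinux-policy` quotes the directory while keeping the glob active. Switching to a wildcard also means every `.pp`/`.te` file in the element directory is staged for loading, and the comments in the removed script that recorded which AVC denials each module answers are lost. A short header comment saying that all modules in the directory are installed, and that each `.te` file should carry the denial it corrects, would keep the policy set reviewable.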


@ -1,15 +0,0 @@
#!/bin/bash
set -eux
mkdir -p /opt/stack/selinux-policy
# Adds policy that corrects the following AVC when neutron-dhcp-agent tries to
# start:
# type=AVC msg=audit(1405364263.636:55476): avc: denied { mounton } for pid=2967 comm="ip" path="/" dev="dm-0" ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
# and:
# type=AVC msg=audit(1405003967.738:15767): avc: denied { mounton } for pid=5944 comm="ip" path="/run/netns" dev="tmpfs" ino=110627 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:ifconfig_var_run_t:s0 tclass=dir
cp $(dirname $0)/../neutron_ip.pp /opt/stack/selinux-policy
cp $(dirname $0)/../neutron_ip.te /opt/stack/selinux-policy
cp $(dirname $0)/../neutron_ip_tmpfs.pp /opt/stack/selinux-policy
cp $(dirname $0)/../neutron_ip_tmpfs.te /opt/stack/selinux-policy


@ -0,0 +1,5 @@
#!/bin/bash
set -eux
semodule -i /opt/stack/selinux-policy/*.pp
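Review bot: `semodule -i /opt/stack/selinux-policy/*.pp` loads whatever compiled modules are in that directory, so the directory contents now act as the allow-list of policy changes instead of the explicit names in the removed script. Because each module loosens SELinux confinement, the directory should be writable by root only (the install script's `mkdir -p` sets no mode), and a comment here should state that assumption. If no `.pp` file is present the unexpanded pattern is passed to semodule and the script fails under `set -e`; that is probably the intended outcome but is worth a one-line comment such as `# fails if no modules were staged`.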


@ -1,6 +0,0 @@
#!/bin/bash
set -eux
semodule -i /opt/stack/selinux-policy/neutron_ip.pp
semodule -i /opt/stack/selinux-policy/neutron_ip_tmpfs.pp