Make the install and apply custom policy scripts just act on all available
policy instead of having to add each policy one by one.
parent
8f0e096f6e
commit
95cb79f47d
8
elements/selinux-policy-updates/install.d/10-install-policy
Executable file
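--- a/elements/selinux-policy-updates/install.d/10-install-policy
+++ b/elements/selinux-policy-updates/install.d/10-install-policy
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -eux
+
+mkdir -p /opt/stack/selinux-policy
+
+cp $(dirname $0)/../*.pp /opt/stack/selinux-policy
+cp $(dirname $0)/../*.te /opt/stack/selinux-policy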
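Review bot: Both `cp` lines leave `$(dirname $0)` unquoted, so an element path containing whitespace is split into separate arguments and the copy fails or reads the wrong location; `cp -- "$(dirname "$0")"/../*.pp /opt/stack/selinux-policy` quotes the directory and keeps the glob active (same for the `.te` line). Because the wildcard now stages every `.pp` beside the element instead of a named list, any module file that lands in that directory ends up in the image's policy, so a header comment such as `# Stages ALL *.pp/*.te next to this element; review new modules before adding them here.` would make that explicit. The AVC denials that justified each module appear to have been documented only in the removed script, and would be worth carrying into the corresponding `.te` files.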
@ -1,15 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
mkdir -p /opt/stack/selinux-policy
|
||||
|
||||
# Adds policy that corrects the following AVC when neutron-dhcp-agent tries to
|
||||
# start:
|
||||
# type=AVC msg=audit(1405364263.636:55476): avc: denied { mounton } for pid=2967 comm="ip" path="/" dev="dm-0" ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
|
||||
# and:
|
||||
# type=AVC msg=audit(1405003967.738:15767): avc: denied { mounton } for pid=5944 comm="ip" path="/run/netns" dev="tmpfs" ino=110627 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:ifconfig_var_run_t:s0 tclass=dir
|
||||
cp $(dirname $0)/../neutron_ip.pp /opt/stack/selinux-policy
|
||||
cp $(dirname $0)/../neutron_ip.te /opt/stack/selinux-policy
|
||||
cp $(dirname $0)/../neutron_ip_tmpfs.pp /opt/stack/selinux-policy
|
||||
cp $(dirname $0)/../neutron_ip_tmpfs.te /opt/stack/selinux-policy
|
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
semodule -i /opt/stack/selinux-policy/*.pp
|
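Review bot: `semodule -i /opt/stack/selinux-policy/*.pp` installs whatever modules are in that directory when the script runs, not only the ones this element staged, so the effective allow-list is now the directory's contents. If other elements or the base image can write to `/opt/stack/selinux-policy` (not visible here), their `.pp` files are loaded into policy as well; staging into a directory owned by this element would narrow that. At minimum a comment like `# Loads every module staged in /opt/stack/selinux-policy; only trusted build steps may write there.` should sit above the line. With `set -e`, an unmatched glob is passed literally and semodule fails, which fails closed.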
@ -1,6 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
semodule -i /opt/stack/selinux-policy/neutron_ip.pp
|
||||
semodule -i /opt/stack/selinux-policy/neutron_ip_tmpfs.pp
|