openstack
/
instack-undercloud
Code Issues Proposed changes

Add local element for selinux policy updates

This commit is contained in:
James Slagle 2014-07-09 15:54:34 -04:00
parent 9663c54305
commit c274259ed9
6 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
elements/selinux-policy-updates/README.md Normal file
View File

@ -0,0 +1 @@
General catch all element to apply custom policy.

5
elements/selinux-policy-updates/install.d/01-policycoreutils-python Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
set -eux
install-packages policycoreutils-python

10
elements/selinux-policy-updates/install.d/10-mysql-socket-selinux Executable file
View File

@ -0,0 +1,10 @@
#!/bin/bash
set -eux
mkdir -p /opt/stack/selinux-policy
# This policy fixes
# https://bugs.launchpad.net/tripleo/+bug/1339395
cp $(dirname $0)/../mysql_socket.pp /opt/stack/selinux-policy
cp $(dirname $0)/../mysql_socket.te /opt/stack/selinux-policy

BIN
elements/selinux-policy-updates/mysql_socket.pp Normal file
View File

Binary file not shown.

11
elements/selinux-policy-updates/mysql_socket.te Normal file
View File

@ -0,0 +1,11 @@
module mypol 1.0;
require {
type tram_port_t;
type mysqld_t;
class tcp_socket name_bind;
}
#============= mysqld_t ==============
allow mysqld_t tram_port_t:tcp_socket name_bind;

5
elements/selinux-policy-updates/os-refresh-config/pre-configure.d/98-mysql-socket-selinux Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
set -eux
semodule -i /opt/stack/selinux-policy/mysql_socket.pp