Add local element for selinux policy updates
This commit is contained in:
parent
9663c54305
commit
c274259ed9
1
elements/selinux-policy-updates/README.md
Normal file
1
elements/selinux-policy-updates/README.md
Normal file
@ -0,0 +1 @@
|
||||
General catch all element to apply custom policy.
|
5
elements/selinux-policy-updates/install.d/01-policycoreutils-python
Executable file
5
elements/selinux-policy-updates/install.d/01-policycoreutils-python
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
install-packages policycoreutils-python
|
10
elements/selinux-policy-updates/install.d/10-mysql-socket-selinux
Executable file
10
elements/selinux-policy-updates/install.d/10-mysql-socket-selinux
Executable file
@ -0,0 +1,10 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
mkdir -p /opt/stack/selinux-policy
|
||||
|
||||
# This policy fixes
|
||||
# https://bugs.launchpad.net/tripleo/+bug/1339395
|
||||
cp $(dirname $0)/../mysql_socket.pp /opt/stack/selinux-policy
|
||||
cp $(dirname $0)/../mysql_socket.te /opt/stack/selinux-policy
|
BIN
elements/selinux-policy-updates/mysql_socket.pp
Normal file
BIN
elements/selinux-policy-updates/mysql_socket.pp
Normal file
Binary file not shown.
11
elements/selinux-policy-updates/mysql_socket.te
Normal file
11
elements/selinux-policy-updates/mysql_socket.te
Normal file
@ -0,0 +1,11 @@
|
||||
|
||||
module mypol 1.0;
|
||||
|
||||
require {
|
||||
type tram_port_t;
|
||||
type mysqld_t;
|
||||
class tcp_socket name_bind;
|
||||
}
|
||||
|
||||
#============= mysqld_t ==============
|
||||
allow mysqld_t tram_port_t:tcp_socket name_bind;
|
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
semodule -i /opt/stack/selinux-policy/mysql_socket.pp
|
Loading…
Reference in New Issue
Block a user