46 lines
1.2 KiB
Plaintext
46 lines
1.2 KiB
Plaintext
|
|
module ironic-map-file 1.0;
|
|
|
|
require {
|
|
type nova_scheduler_t;
|
|
type user_home_t;
|
|
type nova_api_t;
|
|
type init_var_run_t;
|
|
type default_t;
|
|
type tftpd_t;
|
|
type keystone_t;
|
|
class lnk_file read;
|
|
class file { write getattr setattr read lock create open };
|
|
class dir { getattr add_name };
|
|
}
|
|
|
|
#============= keystone_t ==============
|
|
|
|
#!!!! This avc is allowed in the current policy
|
|
allow keystone_t init_var_run_t:dir add_name;
|
|
allow keystone_t init_var_run_t:file { read setattr };
|
|
|
|
#!!!! This avc is allowed in the current policy
|
|
allow keystone_t init_var_run_t:file { write create open getattr };
|
|
|
|
#============= nova_api_t ==============
|
|
|
|
#!!!! This avc is allowed in the current policy
|
|
allow nova_api_t user_home_t:dir getattr;
|
|
|
|
#============= nova_scheduler_t ==============
|
|
|
|
#!!!! This avc is allowed in the current policy
|
|
allow nova_scheduler_t user_home_t:dir getattr;
|
|
|
|
#============= tftpd_t ==============
|
|
|
|
#!!!! This avc can be allowed using the boolean 'tftp_home_dir'
|
|
allow tftpd_t default_t:file lock;
|
|
|
|
#!!!! This avc is allowed in the current policy
|
|
allow tftpd_t default_t:file { read getattr open };
|
|
|
|
#!!!! This avc is allowed in the current policy
|
|
allow tftpd_t default_t:lnk_file read;
|