openstack
/
tripleo-image-elements
Code Issues Proposed changes

Custom policy for openvswitch SELinux denials 

Tripleo-ci has started to log denials about openvswitch and
sysctl interactions.

Change-Id: I9ef2162d60dd0ac8a062f11c817849a84ff84546
Partial-Bug: 1405021
This commit is contained in:
Richard Su 2014-12-22 16:14:06 -08:00
parent ecd2e912b3
commit 1d5e18a157
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
elements/selinux/custom-policies/tripleo-selinux-openvswitch.te Normal file
View File

@ -0,0 +1,14 @@
module tripleo-selinux-openvswitch 1.0;
require {
type sysctl_net_t;
type openvswitch_t;
class dir search;
class file { read getattr open };
}
# https://bugs.launchpad.net/tripleo/+bug/1405021
# https://bugzilla.redhat.com/show_bug.cgi?id=1176730
#============= openvswitch_t ==============
allow openvswitch_t sysctl_net_t:dir search;
allow openvswitch_t sysctl_net_t:file { read getattr open };