openstack
/
tripleo-image-elements
Code Issues Proposed changes

Custom policy for nova-api tmpfs errors 

This policy fixes an issue whereby nova-api is unable to use tmpfs,
/dev/shm, when SELinux is running in enforcing mode.

Partial-Bug: 1342863
Change-Id: I51d2afbd89c4f632920eca6d2d1698665ccf4e21
This commit is contained in:
Richard Su 2014-07-16 10:29:27 -07:00
parent 43e2b577b8
commit 6ef0911573
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
elements/selinux/custom-policies/tripleo-selinux-nova.te Normal file
View File

@ -0,0 +1,18 @@
module tripleo-selinux-nova 1.0;
require {
type tmpfs_t;
type nova_api_t;
class dir { write remove_name search add_name };
class file { write getattr link read create unlink open };
class filesystem getattr;
}
#============= nova_api_t ==============
# https://bugs.launchpad.net/tripleo/+bug/1344452
# https://bugzilla.redhat.com/show_bug.cgi?id=1125458
allow nova_api_t tmpfs_t:dir { write remove_name search add_name };
allow nova_api_t tmpfs_t:file { getattr unlink };
allow nova_api_t tmpfs_t:file { read write create open link };
allow nova_api_t tmpfs_t:filesystem getattr;