Custom policy for nova-api tmpfs errors
This policy fixes an issue whereby nova-api is unable to use tmpfs, /dev/shm, when SELinux is running in enforcing mode. Partial-Bug: 1342863 Change-Id: I51d2afbd89c4f632920eca6d2d1698665ccf4e21
parent
43e2b577b8
commit
6ef0911573
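--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,18 @@
+
+module tripleo-selinux-nova 1.0;
+
+require {
+type tmpfs_t;
+type nova_api_t;
+class dir { write remove_name search add_name };
+class file { write getattr link read create unlink open };
+class filesystem getattr;
+}
+
+#============= nova_api_t ==============
+# https://bugs.launchpad.net/tripleo/+bug/1344452
+# https://bugzilla.redhat.com/show_bug.cgi?id=1125458
+allow nova_api_t tmpfs_t:dir { write remove_name search add_name };
+allow nova_api_t tmpfs_t:file { getattr unlink };
+allow nova_api_t tmpfs_t:file { read write create open link };
+allow nova_api_t tmpfs_t:filesystem getattr;
+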
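Review bot: The `allow nova_api_t tmpfs_t:dir` and `allow nova_api_t tmpfs_t:file` rules target the generic `tmpfs_t` type, so nova_api_t gains create/write/unlink/link on every tmpfs object that carries the default label, not only on the files nova-api itself places in /dev/shm. If this module can be built against the reference-policy interfaces, a private type would confine the grant: declare a proposed `nova_api_tmpfs_t` with `files_tmpfs_file(nova_api_tmpfs_t)`, add `fs_tmpfs_filetrans(nova_api_t, nova_api_tmpfs_t, { dir file })`, and point the dir and file rules at that type instead. If the module has to stay in raw `require`/`allow` form, a comment above the rules should at least record the scope, e.g. `# NOTE: grants access to all tmpfs_t-labelled objects; narrow to a private type once the base policy provides one`. The header comments cite Launchpad bug 1344452 while the commit message says Partial-Bug 1342863, so it is worth stating in the file which denial these rules were generated for.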