Custom policy for nova-api tmpfs errors
This policy fixes an issue whereby nova-api is unable to use tmpfs, /dev/shm, when SELinux is running in enforcing mode. Partial-Bug: 1342863 Change-Id: I51d2afbd89c4f632920eca6d2d1698665ccf4e21
parent
43e2b577b8
commit
6ef0911573
|
@ -0,0 +1,18 @@
|
|||
|
||||
module tripleo-selinux-nova 1.0;
|
||||
|
||||
require {
|
||||
type tmpfs_t;
|
||||
type nova_api_t;
|
||||
class dir { write remove_name search add_name };
|
||||
class file { write getattr link read create unlink open };
|
||||
class filesystem getattr;
|
||||
}
|
||||
|
||||
#============= nova_api_t ==============
|
||||
# https://bugs.launchpad.net/tripleo/+bug/1344452
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1125458
|
||||
allow nova_api_t tmpfs_t:dir { write remove_name search add_name };
|
||||
allow nova_api_t tmpfs_t:file { getattr unlink };
|
||||
allow nova_api_t tmpfs_t:file { read write create open link };
|
||||
allow nova_api_t tmpfs_t:filesystem getattr;
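Review bot: The `allow nova_api_t tmpfs_t:dir` and `tmpfs_t:file` rules grant add/remove/create/write/unlink/link on the generic `tmpfs_t` label rather than on a type private to nova-api. Any /dev/shm object that another domain leaves with the default `tmpfs_t` label would then also be modifiable or removable by nova-api, which weakens the confinement this module is meant to keep. A tighter form would give nova-api its own tmpfs type, reached through a transition along the lines of `type_transition nova_api_t tmpfs_t:file nova_api_tmpfs_t;`, and attach the file and dir permissions to that type. If this is meant only as a stopgap, a comment such as `# Workaround: broad tmpfs_t access; drop once the distro policy (rhbz 1125458) covers nova-api use of /dev/shm` would record that, and `link` should stay only if it appeared in the observed AVC denials. The commit message cites bug 1342863 while the in-file comment links to bug 1344452, so it is worth confirming which reference is intended.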
|