openstack
/
tripleo-image-elements
Code Issues Proposed changes

Custom SELinux policy for rhsmcertd 

Policy update to fix rhsmcertd denials on RHEL. This is needed
until the RHEL selinux-policy package is updated.

Change-Id: Ief542a442b8206ad59c1aa055307df213597b532
Partial-Bug: 1375532
This commit is contained in:
Richard Su 2014-09-30 10:33:06 -07:00
parent 8196d73b6b
commit f9dc34aadb
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
elements/selinux/custom-policies/tripleo-selinux-rhsmcertd.te Normal file
View File

@ -0,0 +1,19 @@
module tripleo-selinux-rhsmcertd 1.0;
require {
type rhsmcertd_t;
type user_home_t;
type rpm_var_lib_t;
class capability dac_override;
class file create;
class dir { write getattr add_name };
}
#============= rhsmcertd_t ==============
# https://bugzilla.redhat.com/show_bug.cgi?id=1144165
# https://bugs.launchpad.net/tripleo/+bug/1375532
allow rhsmcertd_t rpm_var_lib_t:dir { write add_name };
allow rhsmcertd_t rpm_var_lib_t:file create;
allow rhsmcertd_t self:capability dac_override;
allow rhsmcertd_t user_home_t:dir getattr;