openstack
/
tripleo-image-elements
Code Issues Proposed changes
tripleo-image-elements/elements/selinux
History
Richard Su b3b853ff5c Simplify keepalived custom policy 
Instead of allowing access to individual types to keepalived, we
now grant keepalived access to read the processes for all types.

This change was suggested in
https://bugzilla.redhat.com/show_bug.cgi?id=1151647

This also makes the custom policy work on both Fedora and RHEL.
The previous custom policy would not install on RHEL 7.0 because
some types were not defined in 7.0.

Change-Id: Ic7adbd14ef27959f0a991127b5213384c9e46be3
 		2014-10-24 14:22:23 +00:00
..
bin Merge "Fix Fedora builds on Ubuntu" 2014-08-14 15:05:29 +00:00
custom-policies Simplify keepalived custom policy 2014-10-24 14:22:23 +00:00
install.d Change how SELinux policies are compiled 2014-10-23 19:44:27 -07:00
os-refresh-config/configure.d Change how SELinux policies are compiled 2014-10-23 19:44:27 -07:00
README.md Additional SELinux scripts 2014-07-22 17:08:01 -07:00

README.md

An element containing SELinux scripts

  • bin/add-selinux-file-context

Adds a file context type to a file or a directory. It is a wrapper script around semanage fcontext -a -t .

  • bin/add-selinux-path-substitution

Adds a path substitution from a source to a target path. Can be used to indicate the SELinux rules that normally apply to the packaged version of nova at /usr/bin/nova (source path) should also be applied to the source version at /opt/stack/venvs/nova/bin/nova (target path).

  • bin/restore-selinux-file-context

Recursively restores the file context on a file or directory. It is a wrapper script around restorecon -Rv .