Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 706232 Details for
Bug 918721
swift replication in /srv/node produces AVC denials
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch against master_contrib branch of selinux-policy
0001-Add-a-type-and-path-for-swift-when-using-rsync.patch (text/plain), 2.14 KB, created by
Lon Hohberger
on 2013-03-06 20:37:58 UTC
(
hide
)
Description:
Patch against master_contrib branch of selinux-policy
Filename:
MIME Type:
Creator:
Lon Hohberger
Created:
2013-03-06 20:37:58 UTC
Size:
2.14 KB
patch
obsolete
>From e99b6c4c46c6fa77f85414db19d886ea4012c3ba Mon Sep 17 00:00:00 2001 >From: Lon Hohberger <lhh@redhat.com> >Date: Wed, 6 Mar 2013 11:43:54 -0500 >Subject: [PATCH] Add a type and path for swift when using rsync > >Signed-off-by: Lon Hohberger <lhh@redhat.com> >--- > swift.fc | 8 ++++++++ > swift.te | 15 +++++++++++++++ > 2 files changed, 23 insertions(+), 0 deletions(-) > >diff --git a/swift.fc b/swift.fc >index 7917018..5bdb977 100644 >--- a/swift.fc >+++ b/swift.fc >@@ -7,3 +7,11 @@ > /usr/lib/systemd/system/openstack-swift.* -- gen_context(system_u:object_r:swift_unit_file_t,s0) > > /var/run/swift(/.*)? gen_context(system_u:object_r:swift_var_run_t,s0) >+ >+# This seems to be a de-facto standard when using swift. >+/srv/node(/.*)? gen_context(system_u:object_r:swift_data_t,s0) >+ >+# This is specific to RHOS's packstack utility >+ifdef(`distro_redhat', ` >+/srv/loopback-device(/.*)? gen_context(system_u:object_r:swift_data_t,s0) >+') >diff --git a/swift.te b/swift.te >index e3eab32..9224ff7 100644 >--- a/swift.te >+++ b/swift.te >@@ -1,10 +1,15 @@ > policy_module(swift, 1.0.0) > >+gen_require(` >+ type rsync_t; >+') >+ > ######################################## > # > # Declarations > # > >+ > type swift_t; > type swift_exec_t; > init_daemon_domain(swift_t, swift_exec_t) >@@ -15,6 +20,8 @@ files_pid_file(swift_var_run_t) > type swift_unit_file_t; > systemd_unit_file(swift_unit_file_t) > >+type swift_data_t; >+ > ######################################## > # > # swift local policy >@@ -26,6 +33,14 @@ allow swift_t self:unix_dgram_socket create_socket_perms; > > manage_dirs_pattern(swift_t, swift_var_run_t, swift_var_run_t) > manage_files_pattern(swift_t, swift_var_run_t, swift_var_run_t) >+ >+# swift makes use of rsync, so we need to give rsync permissions >+# to edit swift_data_t files as well as swift_t those permissions >+manage_dirs_pattern(swift_t, swift_data_t, swift_data_t) >+manage_files_pattern(swift_t, swift_data_t, swift_data_t) >+manage_dirs_pattern(data_t, swift_data_t, swift_data_t) >+manage_files_pattern(data_t, swift_data_t, swift_data_t) >+ > manage_lnk_files_pattern(swift_t, swift_var_run_t, swift_var_run_t) > files_pid_filetrans(swift_t, swift_var_run_t, { dir }) > >-- >1.7.7.6 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=706232">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 918721
:
706193
|
706232
|
706233
|
706261
|
706268
|
706287
|
711952