Red Hat Bugzilla – Attachment 887007 Details for Bug 1084310: avc denials seen in instack overcloud
new15.te (text/plain), 8.37 KB, created by Richard Su on 2014-04-16 22:03:06 UTC

module new15 1.0;

require {
	type unconfined_t;
	type commplex_main_port_t;
	type memcached_t;
	type nova_api_t;
	type init_t;
	type system_cronjob_t;
	type nova_scheduler_t;
	type syslogd_t;
	type xserver_port_t;
	type unreserved_port_t;
	type rsync_t;
	type initrc_t;
	type swift_t;
	type tgtd_t;
	type http_cache_port_t;
	type proc_t;
	type systemd_sysctl_t;
	type dhcpc_t;
	type sysctl_net_t;
	type nova_cert_t;
	type openvswitch_t;
	type system_dbusd_t;
	type neutron_t;
	type kernel_t;
	type glance_api_t;
	type auditd_t;
	type qpidd_t;
	type systemd_logind_t;
	type httpd_t;
	type neutron_var_lib_t;
	type keystone_t;
	type nova_console_t;
	type udev_t;
	type glance_registry_t;
	type sshd_t;
	type crond_t;
	type getty_t;
	type lvm_t;
	type tmpfs_t;
	type osapi_compute_port_t;
	class process signal;
	class unix_stream_socket connectto;
	class filesystem getattr;
	class capability dac_override;
	class tcp_socket { name_bind name_connect };
	class file { read create write getattr link unlink open };
	class capability2 block_suspend;
	class sock_file write;
	class dir { write getattr remove_name search add_name };
}

#============= glance_api_t ==============

#!!!! This avc is allowed in the current policy
allow glance_api_t commplex_main_port_t:tcp_socket name_connect;

#!!!! This avc is allowed in the current policy
allow glance_api_t http_cache_port_t:tcp_socket name_connect;

#============= neutron_t ==============

#!!!! This avc is allowed in the current policy
allow neutron_t auditd_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t auditd_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t crond_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t crond_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t dhcpc_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t dhcpc_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t getty_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t getty_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t glance_api_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t glance_api_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t glance_registry_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t glance_registry_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t httpd_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t httpd_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t init_t:unix_stream_socket connectto;

#!!!! This avc is allowed in the current policy
allow neutron_t initrc_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t initrc_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t kernel_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t kernel_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t keystone_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t keystone_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t lvm_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t lvm_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t memcached_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t memcached_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t neutron_var_lib_t:sock_file write;

#!!!! This avc is allowed in the current policy
allow neutron_t nova_api_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t nova_api_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t nova_cert_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t nova_cert_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t nova_console_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t nova_console_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t nova_scheduler_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t nova_scheduler_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t openvswitch_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t openvswitch_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t osapi_compute_port_t:tcp_socket name_connect;

#!!!! This avc is allowed in the current policy
allow neutron_t qpidd_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t qpidd_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t rsync_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t rsync_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t self:capability dac_override;

#!!!! This avc is allowed in the current policy
allow neutron_t self:capability2 block_suspend;

#!!!! This avc is allowed in the current policy
allow neutron_t self:process signal;

#!!!! This avc is allowed in the current policy
allow neutron_t sshd_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t sshd_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t swift_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t swift_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t sysctl_net_t:dir search;

#!!!! This avc is allowed in the current policy
allow neutron_t sysctl_net_t:file { write getattr open };

#!!!! This avc is allowed in the current policy
allow neutron_t syslogd_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t syslogd_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t system_cronjob_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t system_cronjob_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t system_dbusd_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t system_dbusd_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t systemd_logind_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t systemd_logind_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t tgtd_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t tgtd_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t udev_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t udev_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t unconfined_t:dir { getattr search };

#!!!! This avc is allowed in the current policy
allow neutron_t unconfined_t:file { read open };

#!!!! This avc is allowed in the current policy
allow neutron_t unreserved_port_t:tcp_socket name_bind;

#============= nova_api_t ==============

#!!!! This avc is allowed in the current policy
allow nova_api_t self:process signal;

#============= swift_t ==============

#!!!! This avc is allowed in the current policy
allow swift_t tmpfs_t:dir { write remove_name search add_name };

#!!!! This avc is allowed in the current policy
allow swift_t tmpfs_t:file { write getattr link read create unlink open };

#!!!! This avc is allowed in the current policy
allow swift_t tmpfs_t:filesystem getattr;

#!!!! This avc is allowed in the current policy
allow swift_t xserver_port_t:tcp_socket { name_bind name_connect };

#============= systemd_sysctl_t ==============

#!!!! This avc is allowed in the current policy
allow systemd_sysctl_t proc_t:file write;