Return-Path: X-Original-To: apmail-incubator-cloudstack-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E1C2EFE46 for ; Wed, 20 Mar 2013 01:41:29 +0000 (UTC) Received: (qmail 29799 invoked by uid 500); 20 Mar 2013 01:41:19 -0000 Delivered-To: apmail-incubator-cloudstack-commits-archive@incubator.apache.org Received: (qmail 29721 invoked by uid 500); 20 Mar 2013 01:41:18 -0000 Mailing-List: contact cloudstack-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-commits@incubator.apache.org Received: (qmail 29054 invoked by uid 99); 20 Mar 2013 01:41:18 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Mar 2013 01:41:18 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id EC41A3D401; Wed, 20 Mar 2013 01:41:17 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: muralireddy@apache.org To: cloudstack-commits@incubator.apache.org X-Mailer: ASF-Git Admin Mailer Subject: [19/50] [abbrv] git commit: refs/heads/gslb-wip - CLOUDSTACK-337 - first iteration of an agent SELinux policy Message-Id: <20130320014117.EC41A3D401@tyr.zones.apache.org> Date: Wed, 20 Mar 2013 01:41:17 +0000 (UTC) CLOUDSTACK-337 - first iteration of an agent SELinux policy Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/f0a77d67 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/f0a77d67 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/f0a77d67 Branch: refs/heads/gslb-wip Commit: f0a77d67cc0776a33e3bd12e4f69a4f15c4b3c36 Parents: b130e8b Author: David Nalley Authored: Sat Mar 16 13:26:24 2013 -0400 Committer: David Nalley Committed: Sat Mar 16 13:26:24 2013 -0400 ---------------------------------------------------------------------- packaging/centos63/cloudstack-agent.te | 33 +++++++++++++++++++++++++++ 1 files changed, 33 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/f0a77d67/packaging/centos63/cloudstack-agent.te ---------------------------------------------------------------------- diff --git a/packaging/centos63/cloudstack-agent.te b/packaging/centos63/cloudstack-agent.te new file mode 100644 index 0000000..4259e17 --- /dev/null +++ b/packaging/centos63/cloudstack-agent.te @@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +module cloudstack-agent 1.0; + +require { + type nfs_t; + type system_conf_t; + type mount_t; + type qemu_t; + class file unlink; + class filesystem getattr; +} + +#============= mount_t ============== +allow mount_t system_conf_t:file unlink; + +#============= qemu_t ============== +allow qemu_t nfs_t:filesystem getattr;