os-cinder.te
# Local SELinux policy module for cinder. It adds rules on top of types that
# are defined by other modules: the cinder domains and the web server domain.
policy_module(os-cinder,0.1)
# Everything listed in this require block is defined elsewhere and only
# referenced by this module.
# NOTE(review): the file permissions append getattr lock and the dir
# permission create are required here but are not named in any explicit
# allow rule in this file. Confirm whether they are still needed.
gen_require(`
type cinder_log_t;
type cinder_backup_t;
type systemd_logind_t;
type cinder_volume_t;
type cinder_var_lib_t;
type httpd_t;
class file { open create append getattr lock };
class dir { add_name write create };
class dbus { send_msg };
attribute cinder_domain;
')
# Bugzilla 1325623
# Lets the web server domain create and open files labelled cinder_log_t and
# add entries to directories with that label.
# NOTE(review): only open and create are granted on the file class here, so
# writing or appending to the log must be allowed by another module. Confirm.
allow httpd_t cinder_log_t:file { open create };
allow httpd_t cinder_log_t:dir { add_name write };
# Bugzilla 1820504 and 2053849
# Grants the web server domain full management of directories labelled
# cinder_var_lib_t.
# NOTE(review): the rule is keyed on httpd_t, so it applies to every process
# running in that domain and not only to a cinder service hosted by the web
# server. Check that no unrelated web application shares the domain on hosts
# where this module is loaded.
manage_dirs_pattern(httpd_t, cinder_var_lib_t, cinder_var_lib_t);
# Allow httpd to handle files in statedir
# Same scope as the directory rule above, applied to regular files.
manage_files_pattern(httpd_t, cinder_var_lib_t, cinder_var_lib_t);
# Bugzilla 1384472
# Presumably lets cinder_backup_t run the iSCSI daemon with a transition into
# its own domain. The interface is defined outside this file. Confirm.
iscsid_domtrans(cinder_backup_t);
# Bugzilla #1628679
# Lets systemd_logind_t send D-Bus messages to cinder_volume_t.
allow systemd_logind_t cinder_volume_t:dbus { send_msg };
# Bugzilla 1653640
# Boolean os_cinder_use_nfs defaults to false. The four rules inside the
# tunable block are active only while the boolean is on.
# NOTE(review): besides managing NFS directories, files and symlinks, the
# block also lets every domain carrying the cinder_domain attribute execute
# files that live on NFS. Presumably all NFS mounts share one label, so the
# grant would not be limited to the cinder export. Leave the boolean off
# unless an NFS backend is in use and the export is trusted.
gen_tunable(os_cinder_use_nfs, false)
tunable_policy(`os_cinder_use_nfs',`
fs_manage_nfs_dirs(cinder_domain)
fs_manage_nfs_files(cinder_domain)
fs_manage_nfs_symlinks(cinder_domain)
fs_exec_nfs_files(cinder_domain)
')