packages/openvswitch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add more capabilities to openvswitch_load_module_t

Browse Source 
When openvswitch starts, it is denied reading modules.* files, so this patch allows openvswitch to do so.

Signed-off-by: bigclouds <yuelg@chinaunicom.cn>
(cherry picked from commit e968019d8d5f3f283d795bcb2bdfec37e8773ca2)
This commit is contained in:
bigclouds 2022-11-07 02:12:41 +00:00 committed by openeuler-sync-bot
parent 44c49e6716
commit 2561da764f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fix-selinux-err.patch
View File

@ -32,7 +32,7 @@ index b2c63ab..8f76c14 100644
allow openvswitch_load_module_t kernel_t:system module_request;
allow openvswitch_load_module_t modules_conf_t:dir { getattr open read search };
allow openvswitch_load_module_t modules_conf_t:file { getattr open read };
+allow openvswitch_load_module_t modules_dep_t:file open;
+allow openvswitch_load_module_t modules_dep_t:file { getattr map open read };
allow openvswitch_load_module_t modules_object_t:file { map getattr open read };
allow openvswitch_load_module_t modules_object_t:dir { getattr open read search };
allow openvswitch_load_module_t openvswitch_load_module_exec_t:file { entrypoint };