diff options
author | Aaron Conole <aconole@redhat.com> | 2018-06-01 14:28:48 -0400 |
---|---|---|
committer | Ansis Atteka <aatteka@ovn.org> | 2018-06-17 19:32:27 -0700 |
commit | a0efb7c92d45d87de55a75a1fc12f202402925ac (patch) | |
tree | 07048e4296a4d028881a39c974ea9ac33f306140 /selinux/openvswitch-custom.fc.in | |
parent | 341a373d0aae62d669d31ad57895a74bb4c3befc (diff) | |
download | openvswitch-a0efb7c92d45d87de55a75a1fc12f202402925ac.tar.gz |
selinux: introduce domain transitioned kmod helper
This commit uses the previously defined selinux label to transition
from the openvswitch_t to openvswitch_load_module_t domain by
executing ovs-kmod-ctl that is labelled with
openvswitch_load_module_exec_t type.
Note that unless the selinux relabel operation is invoked, the script
will not be labelled. This merely instructs the selinux tools that
ovs-kmod-ctl should have a label applied.
Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Diffstat (limited to 'selinux/openvswitch-custom.fc.in')
-rw-r--r-- | selinux/openvswitch-custom.fc.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/selinux/openvswitch-custom.fc.in b/selinux/openvswitch-custom.fc.in new file mode 100644 index 000000000..c2756d04b --- /dev/null +++ b/selinux/openvswitch-custom.fc.in @@ -0,0 +1 @@ +@pkgdatadir@/scripts/ovs-kmod-ctl -- gen_context(system_u:object_r:openvswitch_load_module_exec_t,s0) |