From a0efb7c92d45d87de55a75a1fc12f202402925ac Mon Sep 17 00:00:00 2001
From: Aaron Conole <aconole@redhat.com>
Date: Fri, 1 Jun 2018 14:28:48 -0400
Subject: selinux: introduce domain transitioned kmod helper

This commit uses the previously defined selinux label to transition
from the openvswitch_t to openvswitch_load_module_t domain by
executing ovs-kmod-ctl that is labelled with
openvswitch_load_module_exec_t type.

Note that unless the selinux relabel operation is invoked, the script
will not be labelled.  This merely instructs the selinux tools that
ovs-kmod-ctl should have a label applied.

Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
---
 selinux/openvswitch-custom.fc.in | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 selinux/openvswitch-custom.fc.in

(limited to 'selinux/openvswitch-custom.fc.in')

diff --git a/selinux/openvswitch-custom.fc.in b/selinux/openvswitch-custom.fc.in
new file mode 100644
index 000000000..c2756d04b
--- /dev/null
+++ b/selinux/openvswitch-custom.fc.in
@@ -0,0 +1 @@
+@pkgdatadir@/scripts/ovs-kmod-ctl -- gen_context(system_u:object_r:openvswitch_load_module_exec_t,s0)
-- 
cgit v1.2.1