Custom policy for ssh-keygen failure
This patch contains a custom policy to allow ssh-keygen to write to /tmp. This action is blocked by SELinux. The custom policy is needed until the upstream SELinux policy is updated for Fedora or nova is modified to call ssh-keygen to write out to a different directory. Partial-Bug: 1284485 Change-Id: I59de4e88d9343e093a95436432e2e4d68f425d06
This commit is contained in:
parent
43e2b577b8
commit
77d89ebad4
|
@ -0,0 +1,13 @@
|
|||
|
||||
module tripleo-selinux-ssh 1.0;
|
||||
|
||||
require {
|
||||
type ssh_keygen_t;
|
||||
type init_tmp_t;
|
||||
class file open;
|
||||
}
|
||||
|
||||
#============= ssh_keygen_t ==============
|
||||
# https://bugs.launchpad.net/tripleo/+bug/1284485
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1125442
|
||||
allow ssh_keygen_t init_tmp_t:file open;
|
Loading…
Reference in New Issue