GET /api/patches/807651/?format=api
{ "id": 807651, "url": "http://patchwork.ozlabs.org/api/patches/807651/?format=api", "web_url": "http://patchwork.ozlabs.org/project/openvswitch/patch/20170830140035.22828-4-aconole@redhat.com/", "project": { "id": 47, "url": "http://patchwork.ozlabs.org/api/projects/47/?format=api", "name": "Open vSwitch", "link_name": "openvswitch", "list_id": "ovs-dev.openvswitch.org", "list_email": "ovs-dev@openvswitch.org", "web_url": "http://openvswitch.org/", "scm_url": "git@github.com:openvswitch/ovs.git", "webscm_url": "https://github.com/openvswitch/ovs", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170830140035.22828-4-aconole@redhat.com>", "list_archive_url": null, "date": "2017-08-30T14:00:35", "name": "[ovs-dev,v2,3/3] selinux: update policy to reflect non-root and dpdk support", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "8fc49c5eaba3c589dab760094c7c910e5d32ed92", "submitter": { "id": 67184, "url": "http://patchwork.ozlabs.org/api/people/67184/?format=api", "name": "Aaron Conole", "email": "aconole@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/openvswitch/patch/20170830140035.22828-4-aconole@redhat.com/mbox/", "series": [ { "id": 620, "url": "http://patchwork.ozlabs.org/api/series/620/?format=api", "web_url": "http://patchwork.ozlabs.org/project/openvswitch/list/?series=620", "date": "2017-08-30T14:00:32", "name": "updated selinux policy for Open vSwitch", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/620/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/807651/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/807651/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<ovs-dev-bounces@openvswitch.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "dev@openvswitch.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "ovs-dev@mail.linuxfoundation.org" 
], "Authentication-Results": [ "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=openvswitch.org\n\t(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;\n\tenvelope-from=ovs-dev-bounces@openvswitch.org;\n\treceiver=<UNKNOWN>)", "ext-mx03.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com", "ext-mx03.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=aconole@redhat.com" ], "Received": [ "from mail.linuxfoundation.org (mail.linuxfoundation.org\n\t[140.211.169.12])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xj6f40tjmz9sNc\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 31 Aug 2017 00:02:52 +1000 (AEST)", "from mail.linux-foundation.org (localhost [127.0.0.1])\n\tby mail.linuxfoundation.org (Postfix) with ESMTP id 52ED9AE7;\n\tWed, 30 Aug 2017 14:00:49 +0000 (UTC)", "from smtp1.linuxfoundation.org (smtp1.linux-foundation.org\n\t[172.17.192.35])\n\tby mail.linuxfoundation.org (Postfix) with ESMTPS id 93974AB9\n\tfor <dev@openvswitch.org>; Wed, 30 Aug 2017 14:00:45 +0000 (UTC)", "from mx1.redhat.com (mx1.redhat.com [209.132.183.28])\n\tby smtp1.linuxfoundation.org (Postfix) with ESMTPS id 441FA42E\n\tfor <dev@openvswitch.org>; Wed, 30 Aug 2017 14:00:45 +0000 (UTC)", "from smtp.corp.redhat.com\n\t(int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id A69A87EBD6;\n\tWed, 30 Aug 2017 14:00:44 +0000 (UTC)", "from dhcp-25-97.bos.redhat.com (unknown [10.18.25.172])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 2610791552;\n\tWed, 30 Aug 2017 14:00:44 +0000 (UTC)" ], "X-Greylist": [ "domain auto-whitelisted by SQLgrey-1.7.6", "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.27]);\n\tWed, 30 Aug 2017 14:00:44 +0000 (UTC)" ], 
"DMARC-Filter": "OpenDMARC Filter v1.3.2 mx1.redhat.com A69A87EBD6", "From": "Aaron Conole <aconole@redhat.com>", "To": "dev@openvswitch.org", "Date": "Wed, 30 Aug 2017 10:00:35 -0400", "Message-Id": "<20170830140035.22828-4-aconole@redhat.com>", "In-Reply-To": "<20170830140035.22828-1-aconole@redhat.com>", "References": "<20170830140035.22828-1-aconole@redhat.com>", "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.14", "X-Spam-Status": "No, score=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,\n\tRP_MATCHES_RCVD autolearn=disabled version=3.3.1", "X-Spam-Checker-Version": "SpamAssassin 3.3.1 (2010-03-16) on\n\tsmtp1.linux-foundation.org", "Cc": "Flavio Leitner <fbl@sysclose.org>, Ansis Atteka <aatteka@ovn.org>", "Subject": "[ovs-dev] [PATCH v2 3/3] selinux: update policy to reflect non-root\n\tand dpdk support", "X-BeenThere": "ovs-dev@openvswitch.org", "X-Mailman-Version": "2.1.12", "Precedence": "list", "List-Id": "<ovs-dev.openvswitch.org>", "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n\t<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>", "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>", "List-Post": "<mailto:ovs-dev@openvswitch.org>", "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>", "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n\t<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "ovs-dev-bounces@openvswitch.org", "Errors-To": "ovs-dev-bounces@openvswitch.org" }, "content": "The selinux policy that exists in the repository did not specify access to\nall of the resources needed for Open vSwitch to properly function with\nan enforcing selinux policy. 
This update allows Open vSwitch to operate\nwith selinux set to Enforcing mode, even while running as a non-root user.\n\nAcked-by: Flavio Leitner <fbl@sysclose.org>\nSigned-off-by: Aaron Conole <aconole@redhat.com>\nTested-by: Jean Hsiao <jhsiao@redhat.com>\n---\n selinux/openvswitch-custom.te.in | 40 +++++++++++++++++++++++++++++++++++++++-\n 1 file changed, 39 insertions(+), 1 deletion(-)", "diff": "diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in\nindex 47ddb56..66cb678 100644\n--- a/selinux/openvswitch-custom.te.in\n+++ b/selinux/openvswitch-custom.te.in\n@@ -2,15 +2,53 @@ module openvswitch-custom 1.0.1;\n \n require {\n type openvswitch_t;\n+ type openvswitch_rw_t;\n type openvswitch_tmp_t;\n+ type openvswitch_var_run_t;\n+\n type ifconfig_exec_t;\n type hostname_exec_t;\n+ type tun_tap_device_t;\n+\n+@begin_dpdk@\n+ type hugetlbfs_t;\n+ type kernel_t;\n+ type svirt_image_t;\n+ type vfio_device_t;\n+@end_dpdk@\n+\n+ class capability { dac_override audit_write };\n+ class dir { write remove_name add_name lock read };\n+ class file { write getattr read open execute execute_no_trans create unlink };\n+ class netlink_audit_socket { create nlmsg_relay audit_write read write };\n class netlink_socket { setopt getopt create connect getattr write read };\n- class file { write getattr read open execute execute_no_trans };\n+ class unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom };\n+\n+@begin_dpdk@\n+ class chr_file { write getattr read open ioctl };\n+ class tun_socket { relabelfrom relabelto create };\n+@end_dpdk@\n }\n \n #============= openvswitch_t ==============\n+allow openvswitch_t self:capability { dac_override audit_write };\n+allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay audit_write read write };\n allow openvswitch_t self:netlink_socket { setopt getopt create connect getattr write read };\n+\n allow openvswitch_t hostname_exec_t:file { read 
getattr open execute execute_no_trans };\n allow openvswitch_t ifconfig_exec_t:file { read getattr open execute execute_no_trans };\n+\n+allow openvswitch_t openvswitch_rw_t:dir { write remove_name add_name lock read };\n+allow openvswitch_t openvswitch_rw_t:file { write getattr read open execute execute_no_trans create unlink };\n allow openvswitch_t openvswitch_tmp_t:file { execute execute_no_trans };\n+allow openvswitch_t openvswitch_tmp_t:unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom };\n+\n+@begin_dpdk@\n+allow openvswitch_t hugetlbfs_t:dir { write remove_name add_name lock read };\n+allow openvswitch_t hugetlbfs_t:file { create unlink };\n+allow openvswitch_t kernel_t:unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom };\n+allow openvswitch_t self:tun_socket { relabelfrom relabelto create };\n+allow openvswitch_t svirt_image_t:file { getattr read write };\n+allow openvswitch_t tun_tap_device_t:chr_file { read write getattr open ioctl };\n+allow openvswitch_t vfio_device_t:chr_file { read write open ioctl getattr };\n+@end_dpdk@\n", "prefixes": [ "ovs-dev", "v2", "3/3" ] }
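Review bot: The new rule `allow openvswitch_t openvswitch_rw_t:file { write getattr read open execute execute_no_trans create unlink };` grants create/write and execute/execute_no_trans on the same type, so any file the daemon can write under that label it can also run in its own domain. Unless a logged denial showed that execution is needed, the rule should read `allow openvswitch_t openvswitch_rw_t:file { write getattr read open create unlink };`, leaving the `class file` line in `require` as it is because the hostname/ifconfig rules still need execute. `dac_override` in `allow openvswitch_t self:capability { dac_override audit_write };` bypasses discretionary file-permission checks, which is a wide grant for a policy meant to support a non-root daemon; it may be covering a file-ownership mismatch that is better fixed on disk, and a comment naming the path that required it would help. The same `unix_stream_socket` permission set, including `accept` and `bind`, is applied to both `openvswitch_tmp_t` and `kernel_t`; trimming each to the permissions that were actually denied would keep the policy closer to least privilege.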