{"id":808838,"url":"http://patchwork.ozlabs.org/api/1.0/patches/808838/?format=json","project":{"id":47,"url":"http://patchwork.ozlabs.org/api/1.0/projects/47/?format=json","name":"Open vSwitch","link_name":"openvswitch","list_id":"ovs-dev.openvswitch.org","list_email":"ovs-dev@openvswitch.org","web_url":"http://openvswitch.org/","scm_url":"git@github.com:openvswitch/ovs.git","webscm_url":"https://github.com/openvswitch/ovs"},"msgid":"<20170901171740.27234-2-aconole@redhat.com>","date":"2017-09-01T17:17:38","name":"[ovs-dev,1/3] selinux: move chr_file to non-dpdk as well","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"f9d105ec284eec1ebc22dd7daa3d3cb33ea03a7f","submitter":{"id":67184,"url":"http://patchwork.ozlabs.org/api/1.0/people/67184/?format=json","name":"Aaron Conole","email":"aconole@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/openvswitch/patch/20170901171740.27234-2-aconole@redhat.com/mbox/","series":[{"id":1081,"url":"http://patchwork.ozlabs.org/api/1.0/series/1081/?format=json","date":"2017-09-01T17:17:38","name":"Address some fallout from the selinux patches","version":1,"mbox":"http://patchwork.ozlabs.org/series/1081/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/808838/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","dev@openvswitch.org"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","ovs-dev@mail.linuxfoundation.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=openvswitch.org\n\t(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;\n\tenvelope-from=ovs-dev-bounces@openvswitch.org;\n\treceiver=)","ext-mx10.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx10.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=aconole@redhat.com"],"Received":["from mail.linuxfoundation.org (mail.linuxfoundation.org\n\t[140.211.169.12])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xkQvH0LLCz9t2x\n\tfor ;\n\tSat, 2 Sep 2017 03:18:48 +1000 (AEST)","from mail.linux-foundation.org (localhost [127.0.0.1])\n\tby mail.linuxfoundation.org (Postfix) with ESMTP id ABBD4D7E;\n\tFri, 1 Sep 2017 17:17:45 +0000 (UTC)","from smtp1.linuxfoundation.org (smtp1.linux-foundation.org\n\t[172.17.192.35])\n\tby mail.linuxfoundation.org (Postfix) with ESMTPS id DE147D6F\n\tfor ; Fri, 1 Sep 2017 17:17:42 +0000 (UTC)","from mx1.redhat.com (mx1.redhat.com [209.132.183.28])\n\tby smtp1.linuxfoundation.org (Postfix) with ESMTPS id AE1131F2\n\tfor ; Fri, 1 Sep 2017 17:17:42 +0000 (UTC)","from smtp.corp.redhat.com\n\t(int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 335D261483;\n\tFri, 1 Sep 2017 17:17:42 +0000 (UTC)","from dhcp-25-97.bos.redhat.com (unknown [10.18.25.172])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id D24F417ACC;\n\tFri, 1 Sep 2017 17:17:41 +0000 (UTC)"],"X-Greylist":["domain auto-whitelisted by SQLgrey-1.7.6","Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.39]);\n\tFri, 01 Sep 2017 17:17:42 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 335D261483","From":"Aaron Conole ","To":"dev@openvswitch.org","Date":"Fri, 1 Sep 2017 13:17:38 -0400","Message-Id":"<20170901171740.27234-2-aconole@redhat.com>","In-Reply-To":"<20170901171740.27234-1-aconole@redhat.com>","References":"<20170901171740.27234-1-aconole@redhat.com>","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.14","X-Spam-Status":"No, score=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,\n\tRP_MATCHES_RCVD autolearn=disabled version=3.3.1","X-Spam-Checker-Version":"SpamAssassin 3.3.1 (2010-03-16) on\n\tsmtp1.linux-foundation.org","Cc":"Ansis Atteka ","Subject":"[ovs-dev] [PATCH 1/3] selinux: move chr_file to non-dpdk as well","X-BeenThere":"ovs-dev@openvswitch.org","X-Mailman-Version":"2.1.12","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"ovs-dev-bounces@openvswitch.org","Errors-To":"ovs-dev-bounces@openvswitch.org"},"content":"A last-minute change to the selinux policy caught by testing\nincorrectly omitted moving a definition from non-dpdk to dpdk.\n\nThis moves the chr_file definition to a non-dpdk enabled permission,\nwhich should allow non-dpdk enabled builds to work.\n\nFixes: 84d272330506 (\"selinux: update policy to reflect non-root and dpdk support\")\nSigned-off-by: Aaron Conole \n---\n selinux/openvswitch-custom.te.in | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)","diff":"diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in\nindex 853de16..c1a774f 100644\n--- a/selinux/openvswitch-custom.te.in\n+++ b/selinux/openvswitch-custom.te.in\n@@ -18,6 +18,7 @@ require {\n @end_dpdk@\n \n class capability { dac_override audit_write };\n+ class chr_file { write getattr read open ioctl };\n class dir { write remove_name add_name lock read };\n class file { write getattr read open execute execute_no_trans create unlink };\n class netlink_audit_socket { create nlmsg_relay audit_write read write };\n@@ -25,7 +26,6 @@ require {\n class unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom };\n \n @begin_dpdk@\n- class chr_file { write getattr read open ioctl };\n class tun_socket { relabelfrom relabelto create };\n @end_dpdk@\n }\n","prefixes":["ovs-dev","1/3"]}