From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 5 Jan 2012 20:03:02 +0100
Subject: [refpolicy] New policy for glance from fedora
In-Reply-To: <4ED8EB75.6070605@redhat.com>
References: <4ED8EB75.6070605@redhat.com>
Message-ID: <20120105190301.GG17906@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, Dec 02, 2011 at 10:15:01AM -0500, Daniel J Walsh wrote:
> Glance policy needs definition for glance_registry port.
> 
> The Glance project provides services for discovering, registering, and
> retrieving virtual machine images. Glance has a RESTful API that
> allows querying of VM image metadata as well as retrieval of the
> actual image.
> 
> VM images made available through Glance can be stored in a variety of
> locations from simple filesystems to object-storage systems like the
> OpenStack Swift project.
> 
> Glance, as with all OpenStack projects, is written with the following
> design guidelines in mind:

Some comments on your two domtrans interfaces:
> +########################################
> +## <summary>
> +##	Transition to glance.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +##	Domain allowed to transition.
> +## </summary>
> +## </param>
> +#
> +interface(`glance_domtrans_registry',`

You might want to have the summary to something like "Transition to glance
registry"

Same remark for the glance_domtrans_api one.

Other than that ok.

Acked-by: Sven Vermeulen <sven.vermeulen@siphos.be>