From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 5 Jan 2012 20:03:02 +0100
Subject: [refpolicy] New policy for glance from fedora
In-Reply-To: <4ED8EB75.6070605@redhat.com>
References: <4ED8EB75.6070605@redhat.com>
Message-ID: <20120105190301.GG17906@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On Fri, Dec 02, 2011 at 10:15:01AM -0500, Daniel J Walsh wrote:
> Glance policy needs definition for glance_registry port.
>
> The Glance project provides services for discovering, registering, and
> retrieving virtual machine images. Glance has a RESTful API that
> allows querying of VM image metadata as well as retrieval of the
> actual image.
>
> VM images made available through Glance can be stored in a variety of
> locations from simple filesystems to object-storage systems like the
> OpenStack Swift project.
>
> Glance, as with all OpenStack projects, is written with the following
> design guidelines in mind:
Some comments on your two domtrans interfaces:
> +########################################
> +##
> +## Transition to glance.
> +##
> +##
> +##
> +## Domain allowed to transition.
> +##
> +##
> +#
> +interface(`glance_domtrans_registry',`
You might want to have the summary to something like "Transition to glance
registry"
Same remark for the glance_domtrans_api one.
Other than that ok.
Acked-by: Sven Vermeulen