diff options
| author | Boris Ranto <branto@redhat.com> | 2019-07-16 19:10:48 +0200 |
|---|---|---|
| committer | Boris Ranto <branto@redhat.com> | 2019-07-16 19:10:51 +0200 |
| commit | ef191068d6c8147f52ac264097a62698d1f67be8 (patch) | |
| tree | 3db0b481e140d4aadaf5c13a3c00f2c7bc42f0f7 | |
| parent | Merge PR #29030 into master (diff) | |
| download | ceph-ef191068d6c8147f52ac264097a62698d1f67be8.tar.xz ceph-ef191068d6c8147f52ac264097a62698d1f67be8.zip | |
selinux: Allow ceph to read udev db
We are using libudev and reading the udev db files because of that. We
need to allow ceph to access these files in the SELinux policy.
Signed-off-by: Boris Ranto <branto@redhat.com>
| -rw-r--r-- | selinux/ceph.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/selinux/ceph.te b/selinux/ceph.te index 90b4e1bee64..c3be384c56b 100644 --- a/selinux/ceph.te +++ b/selinux/ceph.te @@ -105,6 +105,8 @@ logging_send_syslog_msg(ceph_t) sysnet_dns_name_resolve(ceph_t) +udev_read_db(ceph_t) + allow ceph_t nvme_device_t:blk_file { getattr ioctl open read write }; # basis for future security review |