diff options
| author | Boris Ranto <branto@redhat.com> | 2016-09-29 12:08:39 +0200 |
|---|---|---|
| committer | Boris Ranto <branto@redhat.com> | 2016-09-29 15:02:23 +0200 |
| commit | f8a0e201ee54759695ef44f7ed98b3b9705fafe3 (patch) | |
| tree | 14ae4152a3d97231d0c02f795cc19142a4f893d7 | |
| parent | Merge pull request #11185 from dillaman/wip-17355 (diff) | |
| download | ceph-f8a0e201ee54759695ef44f7ed98b3b9705fafe3.tar.xz ceph-f8a0e201ee54759695ef44f7ed98b3b9705fafe3.zip | |
selinux: Allow ceph to manage tmp files
Two new denials showed up in testing that relate to ceph trying to
manage (rename and unlink) tmp files. This commit allows ceph to manage
the files.
Fixes: http://tracker.ceph.com/issues/17436
Signed-off-by: Boris Ranto <branto@redhat.com>
| -rw-r--r-- | selinux/ceph.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/selinux/ceph.te b/selinux/ceph.te index 179396aaef9..4eab40d8fc5 100644 --- a/selinux/ceph.te +++ b/selinux/ceph.te @@ -93,6 +93,7 @@ allow ceph_t self:tcp_socket { accept listen }; corenet_tcp_connect_cyphesis_port(ceph_t) corenet_tcp_connect_generic_port(ceph_t) files_list_tmp(ceph_t) +files_manage_generic_tmp_files(ceph_t) fstools_exec(ceph_t) nis_use_ypbind_uncond(ceph_t) storage_raw_rw_fixed_disk(ceph_t) |