author Boris Ranto <branto@redhat.com> 2015-10-06 03:57:40 +0200
committer Boris Ranto <branto@redhat.com> 2015-10-06 18:08:15 +0200
commit bc48ef0fefd7715016ea1e19cd9dbb9ac040c190
tree 137b63e9c66d9f9a3ab1de90682cf030f8d4dde7 /man/ceph_selinux.8
parent man/Makefile-server.am: conditionalize make ceph_selinux manpage
selinux: Fix man page location

The SELinux man page was previously located in two places and the man page that was supposed to be updated when rgw selinux changes were proposed did not get updated properly. Fixing this by moving selinux/ceph_selinux.8 to man/ceph_selinux.8. Also, populate EXTRA_DIST with ceph_selinux.8.

Signed-off-by: Boris Ranto <branto@redhat.com>

Diffstat (limited to 'man/ceph_selinux.8')
-rw-r--r-- man/ceph_selinux.8 56
1 files changed, 51 insertions, 5 deletions
diff --git a/man/ceph_selinux.8 b/man/ceph_selinux.8
index de74807c8ed..a646374bd55 100644
--- a/man/ceph_selinux.8
+++ b/man/ceph_selinux.8
@@ -1,4 +1,4 @@
-.TH "ceph_selinux" "8" "15-06-17" "ceph" "SELinux Policy ceph"
+.TH "ceph_selinux" "8" "15-08-10" "ceph" "SELinux Policy ceph"
.SH "NAME"
ceph_selinux \- Security Enhanced Linux Policy for the ceph processes
.SH "DESCRIPTION"
@@ -18,7 +18,7 @@ The ceph_t SELinux type can be entered via the \fBceph_exec_t\fP file type.
The default entrypoint paths for the ceph_t domain are the following:
-/usr/bin/ceph-mon, /usr/bin/ceph-mds, /usr/bin/ceph-osd
+/usr/bin/radosgw, /usr/bin/ceph-mon, /usr/bin/ceph-mds, /usr/bin/ceph-osd
.SH PROCESS TYPES
SELinux defines process types (domains) for each process running on the system
.PP
@@ -145,6 +145,22 @@ If you want to allow confined applications to use nscd shared memory, you must t
.EE
+.SH NSSWITCH DOMAIN
+
+.PP
+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for the ceph_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
+
+.EX
+.B setsebool -P authlogin_nsswitch_use_ldap 1
+.EE
+
+.PP
+If you want to allow confined applications to run with kerberos for the ceph_t, you must turn on the kerberos_enabled boolean.
+
+.EX
+.B setsebool -P kerberos_enabled 1
+.EE
+
.SH "MANAGED FILES"
The SELinux process type ceph_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
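Review bot: In the two added NSSWITCH DOMAIN paragraphs, the wording "for the ceph_t" suggests that authlogin_nsswitch_use_ldap and kerberos_enabled are scoped to the ceph domain, but both are system-wide booleans, and setsebool -P makes the change persistent across reboots, so enabling them relaxes policy for every domain that depends on them, not just ceph_t. The text should say that explicitly so an administrator does not treat these as ceph-only switches. The first paragraph also has "rather then" where "rather than" is meant. Since the page states it is auto-generated, the wording fix may need to go into the generator rather than this file.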
@@ -216,6 +232,12 @@ The SELinux process type ceph_t can manage files labeled with the following file
.br
.br
+.B fsadm_var_run_t
+
+ /var/run/blkid(/.*)?
+.br
+
+.br
.B root_t
/
@@ -223,6 +245,22 @@ The SELinux process type ceph_t can manage files labeled with the following file
/initrd
.br
+.br
+.B var_run_t
+
+ /run/.*
+.br
+ /var/run/.*
+.br
+ /run
+.br
+ /var/run
+.br
+ /var/run
+.br
+ /var/spool/postfix/pid
+.br
+
.SH FILE CONTEXTS
SELinux requires files to have an extended attribute to define the file type.
.PP
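Review bot: The added var_run_t entry lists /var/run twice; one of the two lines should go. More importantly, with /run/.* and /var/run/.* under the "ceph_t can manage files labeled with" heading, this documents manage access to generically labelled runtime files, plus /var/spool/postfix/pid, rather than only to ceph's own runtime type (ceph_var_run_t appears elsewhere in this patch). It is worth confirming that the policy really needs manage rights on var_run_t and, if it only needs to create its own pid or socket files, narrowing the rule with a type transition so the man page does not advertise a grant this wide.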
@@ -238,7 +276,7 @@ SELinux ceph policy is very flexible allowing users to setup their ceph processe
SELinux defines the file context types for the ceph, if you wanted to
store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
-.B semanage fcontext -a -t ceph_var_run_t '/srv/myceph_content(/.*)?'
+.B semanage fcontext -a -t ceph_exec_t '/srv/ceph/content(/.*)?'
.br
.B restorecon -R -v /srv/myceph_content
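Review bot: The changed semanage line and the unchanged restorecon line now refer to different paths: the file context is registered for '/srv/ceph/content(/.*)?' while restorecon -R -v still runs on /srv/myceph_content, so a reader following the example applies no new label. Use the same path in both commands. The switch of the example type from ceph_var_run_t to ceph_exec_t also deserves a second look: this page describes ceph_exec_t as the entrypoint type for the ceph_t domain, so the example labels an entire content directory as domain entrypoints, which is a poor fit for a paragraph about storing files in a different path. A data type is the safer illustration here.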
@@ -257,7 +295,7 @@ Note: SELinux often uses regular expressions to specify labels that match multip
.br
.TP 5
Paths:
-/usr/bin/ceph-mon, /usr/bin/ceph-mds, /usr/bin/ceph-osd
+/usr/bin/radosgw, /usr/bin/ceph-mon, /usr/bin/ceph-mds, /usr/bin/ceph-osd
.EX
.PP
@@ -266,6 +304,10 @@ Paths:
- Set files with the ceph_initrc_exec_t type, if you want to transition an executable to the ceph_initrc_t domain.
+.br
+.TP 5
+Paths:
+/etc/rc\.d/init\.d/ceph, /etc/rc\.d/init\.d/radosgw
.EX
.PP
@@ -274,6 +316,10 @@ Paths:
- Set files with the ceph_log_t type, if you want to treat the data as ceph log data, usually stored under the /var/log directory.
+.br
+.TP 5
+Paths:
+/var/log/ceph(/.*)?
.EX
.PP
@@ -321,4 +367,4 @@ This manual page was auto-generated using
.SH "SEE ALSO"
selinux(8), ceph(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
-, setsebool(8) \ No newline at end of file
+, setsebool(8)