selinux: Allow getattr on lnk sysfs files

This showed up during downstream testing for luminous. We are doing getattr on the sysfs lnk files and the current policy does not allow this. Signed-off-by: Boris Ranto <branto@redhat.com>
author: Boris Ranto <branto@redhat.com> 2017-09-21 17:24:07 +0200
committer: Boris Ranto <branto@redhat.com> 2017-09-21 17:24:10 +0200
commit: 394c26adb97cd150233fe8760355f486d03624a4 (patch)
tree: 2e329f1deb5ed53eefd7f9c0a648bc0469114b23 /selinux
parent: Merge pull request #17872 from joscollin/wip-osdmap-signed-unsigned-warning (diff)
download: ceph-394c26adb97cd150233fe8760355f486d03624a4.tar.xz
ceph-394c26adb97cd150233fe8760355f486d03624a4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/selinux/ceph.te b/selinux/ceph.te
index 552f73601cd..0a9349803b1 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -106,7 +106,7 @@ files_manage_generic_locks(ceph_t)
 
 allow ceph_t sysfs_t:dir read;
 allow ceph_t sysfs_t:file { read getattr open };
-allow ceph_t sysfs_t:lnk_file read;
+allow ceph_t sysfs_t:lnk_file { read getattr };
 
 allow ceph_t random_device_t:chr_file getattr;
 allow ceph_t urandom_device_t:chr_file getattr;
author	Boris Ranto <branto@redhat.com>	2017-09-21 17:24:07 +0200
committer	Boris Ranto <branto@redhat.com>	2017-09-21 17:24:10 +0200
commit	394c26adb97cd150233fe8760355f486d03624a4 (patch)
tree	2e329f1deb5ed53eefd7f9c0a648bc0469114b23 /selinux
parent	Merge pull request #17872 from joscollin/wip-osdmap-signed-unsigned-warning (diff)
download	ceph-394c26adb97cd150233fe8760355f486d03624a4.tar.xz ceph-394c26adb97cd150233fe8760355f486d03624a4.zip