ceph - ceph

	Commit message (Collapse)	Author	Age	Files	Lines
*	selinux: Allow to manage locks	Boris Ranto	2016-03-08	1	-0/+1
\| \| \| \| \| \| \| \| \|	We currently create the ceph lock by an unconfined process (ceph-disk). Unconfined processes inherit the context from the parrent directory. This allows ceph daemons to access the files with context inherrited from the parent directory (/var/lock \| /run/lock). Signed-off-by: Boris Ranto <branto@redhat.com>
*	selinux: allow dac_override capability	Boris Ranto	2016-03-08	1	-1/+1
\| \| \| \| \|	Fixes: #14870 Signed-off-by: Boris Ranto <branto@redhat.com>
*	selinux: Allow log files to be located in /var/log/radosgw	Boris Ranto	2016-02-11	2	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We do suggest users to put their logs in /var/log/radosgw in the documentation at times. We should also label that directory with ceph_var_log_t so that ceph daemons can also write there. The commit also updates the man page for this policy. This man page is automatically generated by * sepolicy manpage -p . -d ceph_t and have not been reloaded in a while. Hence, it contains few more changes than the new radosgw directory. Signed-off-by: Boris Ranto <branto@redhat.com>
*	selinux: Fix man page location	Boris Ranto	2015-10-06	1	-370/+0
\| \| \| \| \| \| \| \| \| \|	The SELinux man page was previously located in two places and the man page that was supposed to be updated when rgw selinux changes were proposed did not get updated properly. Fixing this by moving selinux/ceph_selinux.8 to man/ceph_selinux.8. Also, populate EXTRA_DIST with ceph_selinux.8. Signed-off-by: Boris Ranto <branto@redhat.com>
*	radosgw: log to /var/log/ceph instead of /var/log/radosgw	Sage Weil	2015-09-16	2	-5/+2
\| \| \| \| \| \|	This is simpler. Signed-off-by: Sage Weil <sage@redhat.com>
*	selinux: Update policy for radosgw	Boris Ranto	2015-09-11	3	-13/+61
\| \| \| \| \| \| \|	The current SELinux policy does not cover radosgw daemon. This patch introduces the SELinux support for radosgw daemon (civetweb only). Signed-off-by: Boris Ranto <branto@redhat.com>
*	selinux: Add .gitignore file	Boris Ranto	2015-08-05	1	-0/+3
\| \| \| \| \| \| \|	The gitbuilders release script needs this. Otherwise, the ceph-release build will fail because there were some untracked files. Signed-off-by: Boris Ranto <branto@redhat.com>
*	selinux: Update the SELinux policy rules	Boris Ranto	2015-08-05	1	-0/+29
\| \| \| \| \| \| \|	Few new denials were found while testing the policy. Updating the policy rules to refelct that. Signed-off-by: Boris Ranto <branto@redhat.com>
*	SELinux Makefile can't work in parallel	Boris Ranto	2015-08-05	1	-1/+1
\| \| \| \| \| \| \| \|	We need to force single-core compilation of SELinux policy files in the sub-make target as SELinux Makefile does not work properly when run in parallel mode. Signed-off-by: Boris Ranto <branto@redhat.com>
*	selinux: Allow setuid and setgid to ceph-mon and ceph-osd	Boris Ranto	2015-08-05	1	-0/+1
\| \| \| \|	Signed-off-by: Boris Ranto <branto@redhat.com>
*	Update selinux policy (after local test).	Milan Broz	2015-08-05	2	-18/+15
\| \| \| \| \| \|	Changes enerated with ceph-test package. Signed-off-by: Milan Broz <mbroz@redhat.com>
*	Add initial SELinux support	Boris Ranto	2015-08-05	5	-0/+709
	This patch modifies the build system and spec file to provide a support for SELinux enforcing in an opt-in matter via ceph-selinux package. Signed-off-by: Boris Ranto <branto@redhat.com>