From f8a0e201ee54759695ef44f7ed98b3b9705fafe3 Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Thu, 29 Sep 2016 12:08:39 +0200
Subject: selinux: Allow ceph to manage tmp files

Two new denials showed up in testing that relate to ceph trying to
manage (rename and unlink) tmp files. This commit allows ceph to manage
the files.

Fixes: http://tracker.ceph.com/issues/17436

Signed-off-by: Boris Ranto <branto@redhat.com>
---
 selinux/ceph.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 179396aaef9..4eab40d8fc5 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -93,6 +93,7 @@ allow ceph_t self:tcp_socket { accept listen };
 corenet_tcp_connect_cyphesis_port(ceph_t)
 corenet_tcp_connect_generic_port(ceph_t)
 files_list_tmp(ceph_t)
+files_manage_generic_tmp_files(ceph_t)
 fstools_exec(ceph_t)
 nis_use_ypbind_uncond(ceph_t)
 storage_raw_rw_fixed_disk(ceph_t)
-- 
cgit v1.2.3