git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
selinux: Fix ceph-iscsi etc access 36302/head
author Mike Christie <mchristi@redhat.com>
Thu, 9 Jan 2020 00:37:15 +0000 (18:37 -0600)
committer Jason Dillaman <dillaman@redhat.com>
Tue, 18 Aug 2020 23:09:15 +0000 (19:09 -0400)
commit bae750fbe66a2f6a8ca4f2fc0d06a0f438436416
tree f521b11c018bd19f0d70ca66103b5c2b81dd60c3
parent 87885b841aa29fc249a2ef489aef33489edee447
selinux: Fix ceph-iscsi etc access

This fixes the selinux errors like this for /etc/target

-----------------------------------
Additional Information:
Source Context                system_u:system_r:ceph_t:s0
Target Context                system_u:object_r:targetd_etc_rw_t:s0
Target Objects                target [ dir ]
Source                        rbd-target-api
Source Path                   rbd-target-api
Port                          <Unknown>
Host                          ans8
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.14.3-20.el8.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     ans8
Platform                      Linux ans8 4.18.0-147.el8.x86_64 #1 SMP
Thu Sep 26
                              15:52:44 UTC 2019 x86_64 x86_64
Alert Count                   1
First Seen                    2020-01-08 18:39:48 EST
Last Seen                     2020-01-08 18:39:48 EST
Local ID                      9a13ee18-eaf2-4f2a-872f-2809ee4928f6

Raw Audit Messages
type=AVC msg=audit(1578526788.148:69): avc:  denied  { search } for
pid=995 comm="rbd-target-api" name="target" dev="sda1" ino=52198
scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:targetd_etc_rw_t:s0 tclass=dir permissive=1

Hash: rbd-target-api,ceph_t,targetd_etc_rw_t,dir,search

which are a result of the rtslib library the ceph-iscsi daemons use
accessing /etc/target to read/write a file which stores meta data the
target uses.

Signed-off-by: Mike Christie <mchristi@redhat.com>
(cherry picked from commit 53be18165323a80895a34185df4ad9e8d37db618)
selinux/ceph.te
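
Added example, not part of the commit or of the Ceph tree: a small parser that reduces the raw AVC record quoted in the commit message to the tuple shown on its "Hash:" line and to the type-enforcement rule the denial implies. The function names are hypothetical, and the rule it prints is derived only from the audit record; this page does not show the actual change made to selinux/ceph.te.

```python
import re

# AVC record copied from the commit message above, with its line wraps kept.
SAMPLE = """type=AVC msg=audit(1578526788.148:69): avc:  denied  { search } for
pid=995 comm="rbd-target-api" name="target" dev="sda1" ino=52198
scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:targetd_etc_rw_t:s0 tclass=dir permissive=1"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(record):
    """Parse one AVC record (possibly wrapped over lines) into a dict."""
    m = AVC_RE.search(record)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    missing = {"scontext", "tcontext", "tclass"} - fields.keys()
    if missing:
        raise ValueError("AVC record lacks " + ", ".join(sorted(missing)))
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "comm": fields.get("comm", ""),
        # A context is user:role:type:level; the type is the third field.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        # permissive=1: the access was logged but allowed to proceed.
        "permissive": fields.get("permissive") == "1",
    }


def dedup_key(avc):
    """For the record above this reproduces the report's 'Hash:' line."""
    return ",".join([avc["comm"], avc["source_type"], avc["target_type"],
                     avc["tclass"], *avc["perms"]])


def implied_rule(avc):
    """Type-enforcement rule the denial implies (review before use)."""
    return "allow {source_type} {target_type}:{tclass} {{ {p} }};".format(
        p=" ".join(avc["perms"]), **avc)


if __name__ == "__main__":
    avc = parse_avc(SAMPLE)
    print(dedup_key(avc), implied_rule(avc), sep="\n")
```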