ceph-mgr loads modules which require read access and this causes a
denial on el7.
Fixes: https://tracker.ceph.com/issues/44216
Signed-off-by: Brad Hubbard <bhubbard@redhat.com>
(cherry picked from commit
35a7fc8249337c3c59f0c561632abf578f5d20fc)
type urandom_device_t;
type setfiles_t;
type nvme_device_t;
+ type httpd_config_t;
class sock_file unlink;
class lnk_file read;
class dir read;
allow ceph_t var_run_t:dir { write create add_name };
allow ceph_t var_run_t:file { read write create open getattr };
+allow ceph_t httpd_config_t:dir search;
+
fsadm_manage_pid(ceph_t)
#============= setfiles_t ==============