]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7d7993f)
selinux: Allow getattr on lnk sysfs files 17891/head
authorBoris Ranto <branto@redhat.com>
Thu, 21 Sep 2017 15:24:07 +0000 (17:24 +0200)
committerBoris Ranto <branto@redhat.com>
Thu, 21 Sep 2017 15:24:10 +0000 (17:24 +0200)
This showed up during downstream testing for luminous. We are doing
getattr on the sysfs lnk files and the current policy does not allow
this.

Signed-off-by: Boris Ranto <branto@redhat.com>
selinux/ceph.te patch | blob | history

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 552f73601cd9262e83c59bfc9c6876e6f5c8d085..0a9349803b12831eb72b266d4e74d5ac38c3e98a 100644 (file)
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -106,7 +106,7 @@ files_manage_generic_locks(ceph_t)
 
 allow ceph_t sysfs_t:dir read;
 allow ceph_t sysfs_t:file { read getattr open };
-allow ceph_t sysfs_t:lnk_file read;
+allow ceph_t sysfs_t:lnk_file { read getattr };
 
 allow ceph_t random_device_t:chr_file getattr;
 allow ceph_t urandom_device_t:chr_file getattr;
Unnamed repository; edit this file 'description' to name the repository.