]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2241792)
selinux: allow dac_override capability
authorBoris Ranto <branto@redhat.com>
Tue, 1 Mar 2016 08:03:05 +0000 (09:03 +0100)
committerBoris Ranto <branto@redhat.com>
Tue, 8 Mar 2016 09:57:59 +0000 (10:57 +0100)
Fixes: #14870
Signed-off-by: Boris Ranto <branto@redhat.com>
selinux/ceph.te patch | blob | history

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 613fe4e25e530b2c79717d6c0af24252af755294..e31f68118ec10ba3cf4e6cc42fd75f288c36065e 100644 (file)
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -43,7 +43,7 @@ files_pid_file(ceph_var_run_t)
 allow ceph_t self:process { signal_perms };
 allow ceph_t self:fifo_file rw_fifo_file_perms;
 allow ceph_t self:unix_stream_socket create_stream_socket_perms;
-allow ceph_t self:capability { setuid setgid };
+allow ceph_t self:capability { setuid setgid dac_override };
 
 manage_dirs_pattern(ceph_t, ceph_log_t, ceph_log_t)
 manage_files_pattern(ceph_t, ceph_log_t, ceph_log_t)
Unnamed repository; edit this file 'description' to name the repository.