selinux: Allow ceph to read udev db

We are using libudev and reading the udev db files because of that. We
need to allow ceph to access these files in the SELinux policy.

Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit ef191068d6c8147f52ac264097a62698d1f67be8)

diff --git a/selinux/ceph.te b/selinux/ceph.te
index a56eb6a55abc9ace03e5ede6d97f3513a2e8f326..06db59c911a1f8801fc809d6ca96b01a2daccbd6 100644 (file)
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -90,6 +90,8 @@ logging_send_syslog_msg(ceph_t)
 
 sysnet_dns_name_resolve(ceph_t)
 
+udev_read_db(ceph_t)
+
 allow ceph_t nvme_device_t:blk_file { getattr ioctl open read write };
 
 # basis for future security review