selinux: Allow setuid and setgid to ceph-mon and ceph-osd

Signed-off-by: Boris Ranto <branto@redhat.com>

diff --git a/selinux/ceph.te b/selinux/ceph.te
index fa1393e825e59ba66886ed9c0050ad13a4a17ed9..5d3ad5a38512bdde59b010e54aa4b093fff73d94 100644 (file)
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -31,6 +31,7 @@ files_pid_file(ceph_var_run_t)
 allow ceph_t self:process { signal_perms };
 allow ceph_t self:fifo_file rw_fifo_file_perms;
 allow ceph_t self:unix_stream_socket create_stream_socket_perms;
+allow ceph_t self:capability { setuid setgid };
 
 manage_dirs_pattern(ceph_t, ceph_log_t, ceph_log_t)
 manage_files_pattern(ceph_t, ceph_log_t, ceph_log_t)