]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c5c3c09)
selinux: Allow ceph to setsched 34433/head
authorBrad Hubbard <bhubbard@redhat.com>
Wed, 19 Feb 2020 03:36:24 +0000 (13:36 +1000)
committerBrad Hubbard <bhubbard@redhat.com>
Tue, 7 Apr 2020 08:17:07 +0000 (18:17 +1000)
In several places, such as common/numa.cc we call sched_setaffinity
which requires this permission.

Fixes: https://tracker.ceph.com/issues/44196
Signed-off-by: Brad Hubbard <bhubbard@redhat.com>
(cherry picked from commit 43103e0207bfacf02f7f9533b36443d65f95d718)

selinux/ceph.te patch | blob | history

diff --git a/selinux/ceph.te b/selinux/ceph.te
index c3be384c56bae027dd762a70eedf354f21dd6326..e2a848149ccbeec553d9a625d49e5e4f04c814b9 100644 (file)
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -142,6 +142,7 @@ allow ceph_t configfs_t:lnk_file { create getattr read unlink };
 allow ceph_t random_device_t:chr_file getattr;
 allow ceph_t urandom_device_t:chr_file getattr;
 allow ceph_t self:process setpgid;
+allow ceph_t self:process setsched;
 allow ceph_t var_run_t:dir { write create add_name };
 allow ceph_t var_run_t:file { read write create open getattr };
 allow ceph_t init_var_run_t:file getattr;
Unnamed repository; edit this file 'description' to name the repository.