selinux: Allow ceph to read udev db

We are using libudev and reading the udev db files because of that. We
need to allow ceph to access these files in the SELinux policy.

Signed-off-by: Boris Ranto <branto@redhat.com>

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 90b4e1bee642d2c584ac6edba9a59e2e4ba2dc4c..c3be384c56bae027dd762a70eedf354f21dd6326 100644 (file)
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -105,6 +105,8 @@ logging_send_syslog_msg(ceph_t)
 
 sysnet_dns_name_resolve(ceph_t)
 
+udev_read_db(ceph_t)
+
 allow ceph_t nvme_device_t:blk_file { getattr ioctl open read write };
 
 # basis for future security review