Update SELinux policy

The collectors need to be able to determine whether an OSD uses
filestore or bluestore

Signed-off-by: Zack Cerza <zack@redhat.com>

diff --git a/selinux/cephmetrics.te b/selinux/cephmetrics.te
index f0e7add663d0c7a78dee04e008989b11be596529..9e95937f420d8573bd74c140025ce88a23859229 100644 (file)
--- a/selinux/cephmetrics.te
+++ b/selinux/cephmetrics.te
@@ -5,6 +5,7 @@ require {
        type ceph_t;
        type ceph_var_run_t;
        type ceph_var_lib_t;
+       type fixed_disk_device_t;
        class unix_stream_socket connectto;
        class dir read;
        class file getattr;
@@ -17,6 +18,9 @@ require {
 allow collectd_t ceph_t:unix_stream_socket connectto;
 allow collectd_t ceph_var_run_t:dir read;
 allow collectd_t ceph_var_lib_t:file getattr;
+allow collectd_t ceph_var_lib_t:lnk_file getattr;
+allow collectd_t ceph_var_lib_t:lnk_file read;
+allow collectd_t fixed_disk_device_t:blk_file getattr;
 allow collectd_t self:capability2 block_suspend;
 allow collectd_t var_log_t:dir { add_name write };
 allow collectd_t var_log_t:file create;