selinux: Allow ceph to read udev db

We are using libudev and reading the udev db files because of that. We
need to allow ceph to access these files in the SELinux policy.

Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit ef191068d6c8147f52ac264097a62698d1f67be8)

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 90b4e1bee642d2c584ac6edba9a59e2e4ba2dc4c..c3be384c56bae027dd762a70eedf354f21dd6326 100644 (file)
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -105,6 +105,8 @@ logging_send_syslog_msg(ceph_t)
 
 sysnet_dns_name_resolve(ceph_t)
 
+udev_read_db(ceph_t)
+
 allow ceph_t nvme_device_t:blk_file { getattr ioctl open read write };
 
 # basis for future security review