From: kalebskeithley <kaleb@redhat.com>
Date: Wed, 8 Jul 2020 19:20:30 +0000 (-0400)
Subject: selinux: allow ceph_t amqp_port_t:tcp_socket
X-Git-Tag: v16.1.0~1780^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=05c523185b2d5ddd9e10f425c7e1f1ee1e409ba2;p=ceph.git

selinux: allow ceph_t amqp_port_t:tcp_socket

allow ceph_t amqp_port_t:tcp_socket name_connect;
allow ceph_t soundd_port_t:tcp_socket name_connect;

Required for running RabbitMQ

(soundd_port_t) for running RabbitMQ on port 8000

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1854083
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
---

diff --git a/selinux/ceph.te b/selinux/ceph.te
index c706c0c29910..2e710e1b1d40 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -88,6 +88,8 @@ corenet_tcp_sendrecv_cyphesis_port(ceph_t)
 
 allow ceph_t commplex_main_port_t:tcp_socket name_connect;
 allow ceph_t http_cache_port_t:tcp_socket name_connect;
+allow ceph_t amqp_port_t:tcp_socket name_connect;
+allow ceph_t soundd_port_t:tcp_socket name_connect;
 
 corecmd_exec_bin(ceph_t)
 corecmd_exec_shell(ceph_t)