From: Boris Ranto <branto@redhat.com>
Date: Tue, 1 Mar 2016 08:03:05 +0000 (+0100)
Subject: selinux: allow dac_override capability
X-Git-Tag: v10.1.0~95^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=519b03f4b055fd247197d7383810764de31bebc1;p=ceph.git

selinux: allow dac_override capability

Fixes: #14870
Signed-off-by: Boris Ranto <branto@redhat.com>
---

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 613fe4e25e53..e31f68118ec1 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -43,7 +43,7 @@ files_pid_file(ceph_var_run_t)
 allow ceph_t self:process { signal_perms };
 allow ceph_t self:fifo_file rw_fifo_file_perms;
 allow ceph_t self:unix_stream_socket create_stream_socket_perms;
-allow ceph_t self:capability { setuid setgid };
+allow ceph_t self:capability { setuid setgid dac_override };
 
 manage_dirs_pattern(ceph_t, ceph_log_t, ceph_log_t)
 manage_files_pattern(ceph_t, ceph_log_t, ceph_log_t)