From: Boris Ranto <branto@redhat.com>
Date: Tue, 6 Jun 2017 19:27:54 +0000 (+0200)
Subject: selinux: Allow read on var_run_t
X-Git-Tag: v12.1.0~251^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=899adbf55cf70a57db2147b2e726c53d4fd0009f;p=ceph.git

selinux: Allow read on var_run_t

Fixes: http://tracker.ceph.com/issues/16674
Signed-off-by: Boris Ranto <branto@redhat.com>
---

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 5c6bb8ea29f..272947d1e44 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -108,7 +108,7 @@ allow ceph_t random_device_t:chr_file getattr;
 allow ceph_t urandom_device_t:chr_file getattr;
 allow ceph_t self:process setpgid;
 allow ceph_t var_run_t:dir { write create add_name };
-allow ceph_t var_run_t:file { write create open getattr };
+allow ceph_t var_run_t:file { read write create open getattr };
 
 fsadm_manage_pid(ceph_t)