From: Boris Ranto <branto@redhat.com>
Date: Wed, 15 Jul 2015 16:20:52 +0000 (+0200)
Subject: selinux: Allow setuid and setgid to ceph-mon and ceph-osd
X-Git-Tag: v9.1.0~432^2~6
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=bed5703367c94c355c3aa64241130718c71884ea;p=ceph.git

selinux: Allow setuid and setgid to ceph-mon and ceph-osd

Signed-off-by: Boris Ranto <branto@redhat.com>
---

diff --git a/selinux/ceph.te b/selinux/ceph.te
index fa1393e825e5..5d3ad5a38512 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -31,6 +31,7 @@ files_pid_file(ceph_var_run_t)
 allow ceph_t self:process { signal_perms };
 allow ceph_t self:fifo_file rw_fifo_file_perms;
 allow ceph_t self:unix_stream_socket create_stream_socket_perms;
+allow ceph_t self:capability { setuid setgid };
 
 manage_dirs_pattern(ceph_t, ceph_log_t, ceph_log_t)
 manage_files_pattern(ceph_t, ceph_log_t, ceph_log_t)